CVE-2022-46907

Published: May 25, 2023Modified: Feb 13, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Affected (1)

Products: Apache: Jspwiki

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Jspwiki	Before 2.12.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.openwall.com/lists/oss-security/2023/05/25/1

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Source: security@apache.org

Mailing ListVendor Advisory

http://www.openwall.com/lists/oss-security/2023/05/25/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

Timeline

No history available yet.