XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2
CVE-2022-27166

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 4 August 2022

Summary

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Affected Version(s)

Apache JSPWiki Apache JSPWiki

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 4, 2022
Vulnerability Reserved
Mar 14, 2022

Credit

Issue was discovered by Salt, <saltnekoko AT gmail DOT com>