XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2
CVE-2022-27166

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 4 August 2022

What is CVE-2022-27166?

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Affected Version(s)

Apache JSPWiki Apache JSPWiki

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

x_refsource_MISC

EPSS Score

40% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2022
Vulnerability Reserved
Mar 14, 2022

Credit

Issue was discovered by Salt, <saltnekoko AT gmail DOT com>