You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jspwiki.apache.org by Juan Pablo Santos Rodríguez <ju...@apache.org> on 2022/08/03 20:46:18 UTC

CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin

Severity: moderate

Description:

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. 

Mitigation:

Apache JSPWiki users should upgrade to 2.11.3 or later. 

Credit:

This issue was discovered by Wang Ran, from JDArmy, @jd.com 

References:

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

Re: CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin

Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.

On Wed, Aug 3, 2022 at 10:46 PM Juan Pablo Santos Rodríguez
<ju...@apache.org> wrote:
>
> Severity: moderate
>
> Description:
>
> A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
>
> Mitigation:
>
> Apache JSPWiki users should upgrade to 2.11.3 or later.
>
> Credit:
>
> This issue was discovered by Wang Ran, from JDArmy, @jd.com
>
> References:
>
> https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
>