You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jspwiki.apache.org by Juan Pablo Santos Rodríguez <ju...@apache.org> on 2022/08/03 20:46:18 UTC
CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin
Severity: moderate
Description:
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Mitigation:
Apache JSPWiki users should upgrade to 2.11.3 or later.
Credit:
This issue was discovered by Wang Ran, from JDArmy, @jd.com
References:
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Re: CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
On Wed, Aug 3, 2022 at 10:46 PM Juan Pablo Santos Rodríguez
<ju...@apache.org> wrote:
>
> Severity: moderate
>
> Description:
>
> A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
>
> Mitigation:
>
> Apache JSPWiki users should upgrade to 2.11.3 or later.
>
> Credit:
>
> This issue was discovered by Wang Ran, from JDArmy, @jd.com
>
> References:
>
> https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
>