CVE-2021-40369

Опубликовано: 24 нояб. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.

Ссылки

http://www.openwall.com/lists/oss-security/2022/08/03/3
Mailing List
Third Party Advisory
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
Vendor Advisory
https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/08/03/3
Mailing List
Third Party Advisory
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
Vendor Advisory
https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

Версия до 2.11.0 (исключая)

EPSS

Процентиль: 93%

0.09621

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-40369

CVSS3: 6.1

ubuntu

около 4 лет назад

CVE-2021-40369

CVSS3: 6.1

debian

около 4 лет назад

A carefully crafted plugin link invocation could trigger an XSS vulner ...

GHSA-cfqj-9g2g-w7q6

CVSS3: 6.1

github

около 4 лет назад

Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation

EPSS

Процентиль: 93%

0.09621

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79