CVE-2022-46907

Опубликовано: 25 мая 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Ссылки

http://www.openwall.com/lists/oss-security/2023/05/25/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/05/25/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

Версия до 2.12.0 (исключая)

EPSS

Процентиль: 88%

0.03652

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-46907

CVSS3: 6.1

debian

больше 2 лет назад

A carefully crafted request on several JSPWiki plugins could trigger a ...

GHSA-qvq8-cw7f-m7m4

CVSS3: 6.1

github

больше 2 лет назад

Apache JSPWiki vulnerable to cross-site scripting on several plugins

EPSS

Процентиль: 88%

0.03652

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79