CVE-2022-28730

Published: Aug 4, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.

Vendor	Product	Versions
Apache Software Foundation	Apache JSPWiki	affected `Apache JSPWiki - <= Apache JSPWiki up to 2.11.2`

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-28730

Description

Affected Products

References