CVE-2021-40369
MEDIUM
Apache JSPWiki < 2.11.0 - Cross-Site Scripting via Denounce Plugin
Title source: llm
Description
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
References (3)
Vendor Advisory x_refsource_misc
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
Vendor Advisory x_refsource_misc
https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/08/03/3
Scores
CVSS v3
6.1
EPSS
0.0291
EPSS Percentile
86.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/jspwiki
< 2.11.0
org.apache.jspwiki/jspwiki-main
0 - 2.11.0 (Maven)
Published
Nov 24, 2021
Tracked Since
Feb 18, 2026