CVE-2022-27166
MEDIUMApache JSPWiki <= 2.11.2 - Cross-Site Scripting via XHRHtml2Markup.jsp
Title source: llmDescription
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Scores
CVSS v3
6.1
EPSS
0.1753
EPSS Percentile
95.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/jspwiki
< 2.11.3
org.apache.jspwiki/jspwiki-main
0 - 2.11.3Maven
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026