CVE-2022-28731
MEDIUM
Apache JSPWiki < 2.11.3 - Cross-Site Request Forgery via UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability in Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email address associated with the attacked account and then issue a password reset request from the login page.
References (1)
Core References
Not Applicable, Vendor Advisory x_refsource_misc
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Scores
CVSS v3
6.5
EPSS
0.1546
EPSS Percentile
94.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (2)
apache/jspwiki
< 2.11.3
org.apache.jspwiki/jspwiki-main
0 - 2.11.3 (Maven)
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026