CVE-2022-28732
MEDIUMApache JSPWiki < 2.11.3 - Cross-Site Scripting via WeblogPlugin
Title source: llmDescription
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
Scores
CVSS v3
6.1
EPSS
0.0859
EPSS Percentile
92.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
apache/jspwiki
< 2.11.3
org.apache.jspwiki/jspwiki-main
0 - 2.11.3Maven
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026