CVE-2022-46907

MEDIUM LAB

Apache JSPWiki < 2.12.0 - Cross-Site Scripting via Crafted Plugin Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-46907. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains documentation and source code for Apache JSPWiki 2.11, but no exploit PoC or offensive techniques. It includes README instructions and Java interface files, but no executable exploit code.

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/apache__jspwiki_CVE-2022-46907_2-11-3

This repository contains documentation and source code for Apache JSPWiki 2.11, but no exploit PoC or offensive techniques. It includes README instructions and Java interface files, but no executable exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache JSPWiki 2.11
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/05/25/1
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Scores

CVSS v3 6.1
EPSS 0.0441
EPSS Percentile 89.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull tomcat:9.0

Details

CWE
CWE-79
Status published
Products (3)
apache/jspwiki < 2.12.0
org.apache.jspwiki/jspwiki-main 0 - 2.12.0Maven
org.apache.jspwiki/jspwiki-war 0 - 2.12.0Maven
Published May 25, 2023
Tracked Since Feb 18, 2026