CVE-2022-46907

MEDIUM LAB

Apache JSPWiki <2.12.0 - XSS

Title source: llm

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/apache__jspwiki_CVE-2022-46907_2-11-3

View Code ZIP pw:eip

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2023/05/25/1

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Scores

CVSS v3 6.1

EPSS 0.0324

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull tomcat:9.0

https://github.com/shoucheng3/apache__jspwiki_CVE-2022-46907_2-11-3

View in Library

Details

CWE

CWE-79

Status published

Products (3)

apache/jspwiki < 2.12.0

org.apache.jspwiki/jspwiki-main 0 - 2.12.0Maven

org.apache.jspwiki/jspwiki-war 0 - 2.12.0Maven

Published May 25, 2023

Tracked Since Feb 18, 2026