CVE-2024-27136
MEDIUMApache JSPWiki < 2.12.2 - Cross-Site Scripting in Upload Page
Title source: llmDescription
XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5
Vendor Advisory vendor-advisory
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136
Scores
CVSS v3
6.1
EPSS
0.5056
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
apache/jspwiki
< 2.12.2
org.apache.jspwiki/jspwiki-main
0 - 2.12.2Maven
Published
Jun 24, 2024
Tracked Since
Feb 18, 2026