CVE-2024-27136

MEDIUM

Apache JSPWiki <2.12.2 - XSS

Title source: llm

Description

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.

References (3)

[Vendor Advisory] https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136

[Vendor Advisory] https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5

[Mailing List] http://www.openwall.com/lists/oss-security/2024/06/23/3

Scores

CVSS v3 6.1

EPSS 0.3862

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

apache/jspwiki < 2.12.2

org.apache.jspwiki/jspwiki-main < 2.12.2Maven

Timeline

Published Jun 24, 2024

Tracked Since Feb 18, 2026