CVE-2022-46907

Source
https://cve.org/CVERecord?id=CVE-2022-46907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46907.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46907
Aliases
Published
2023-05-25T06:58:18.912Z
Modified
2026-07-08T06:04:20.002718263Z
Summary
Apache JSPWiki: XSS Injection points in several plugins
Details

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "Apache JSPWiki up to 2.12.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/46xxx/CVE-2022-46907.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.12.0"
        }
    ]
}

Affected versions

2.*
2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0
2.11.0-RC1
2.11.0-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1
2.11.0.M3
2.11.0.M3-RC1
2.11.0.M3-RC2
2.11.0.M4
2.11.0.M4-RC1
2.11.0.M4-RC2
2.11.0.M5
2.11.0.M5-RC1
2.11.0.M5-RC2
2.11.0.M5-RC3
2.11.0.M6
2.11.0.M6-RC1
2.11.0.M7
2.11.0.M7-RC1
2.11.0.M8
2.11.0.M8-RC1
2.11.1
2.11.1-RC1
2.11.2
2.11.2-RC1
2.11.3
2.11.3-RC1
2.12.0-RC1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46907.json"