CVE-2022-46907

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46907
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46907.json
Aliases
Published
2023-05-25T07:15:08Z
Modified
2024-05-14T12:28:34.445964Z
Summary
[none]
Details

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

2.*

2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0
2.11.0-RC1
2.11.0-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1
2.11.0.M3
2.11.0.M3-RC1
2.11.0.M3-RC2
2.11.0.M4
2.11.0.M4-RC1
2.11.0.M4-RC2
2.11.0.M5
2.11.0.M5-RC1
2.11.0.M5-RC2
2.11.0.M5-RC3
2.11.0.M6
2.11.0.M6-RC1
2.11.0.M7
2.11.0.M7-RC1
2.11.0.M8
2.11.0.M8-RC1
2.11.1
2.11.1-RC1
2.11.2
2.11.2-RC1
2.11.3
2.11.3-RC1
2.12.0-RC1