GHSA-9953-fmrw-v4vm

Source

https://github.com/advisories/GHSA-9953-fmrw-v4vm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-9953-fmrw-v4vm/GHSA-9953-fmrw-v4vm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9953-fmrw-v4vm

Aliases

CVE-2022-24948

Published

2022-02-26T00:00:44Z

Modified

2023-11-08T04:08:40.401016Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Apache JSPWiki

Details

A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.

Database specific

{
    "nvd_published_at": "2022-02-25T09:15:00Z",
    "github_reviewed_at": "2022-03-01T19:43:13Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-main

Package

Name: org.apache.jspwiki:jspwiki-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jspwiki/jspwiki-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.2

Affected versions

2.*

2.11.0.M1

2.11.0.M2

2.11.0.M3

2.11.0.M4

2.11.0.M5

2.11.0.M6

2.11.0.M7

2.11.0.M8

2.11.0

2.11.1