GHSA-qvq8-cw7f-m7m4

Source
https://github.com/advisories/GHSA-qvq8-cw7f-m7m4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-qvq8-cw7f-m7m4/GHSA-qvq8-cw7f-m7m4.json
Aliases
Published
2023-05-25T09:30:25Z
Modified
2024-02-16T08:21:05.019931Z
Details

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-main

Package

Name
org.apache.jspwiki:jspwiki-main

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.12.0

Affected versions

2.*

2.11.0.M1
2.11.0.M2
2.11.0.M3
2.11.0.M4
2.11.0.M5
2.11.0.M6
2.11.0.M7
2.11.0.M8
2.11.0
2.11.1
2.11.2
2.11.3

Maven / org.apache.jspwiki:jspwiki-war

Package

Name
org.apache.jspwiki:jspwiki-war

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.12.0

Affected versions

2.*

2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.11.0.M1
2.11.0.M2
2.11.0.M3
2.11.0.M4
2.11.0.M5
2.11.0.M6
2.11.0.M7
2.11.0.M8
2.11.0
2.11.1
2.11.2
2.11.3