CVE-2022-28731

CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp

Vendor Apache Software Foundation

Product Apache JSPWiki

Published August 4, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Key dates

Disclosure timeline

August 4, 2022 CVE published

August 3, 2024 Record updated