CVE-2022-28732

CVE-2022-28732: Apache JSPWiki Cross-site scripting vulnerability on WeblogPlugin

Vendor Apache Software Foundation

Product Apache JSPWiki

Published August 4, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

Key dates

Disclosure timeline

August 4, 2022 CVE published

August 3, 2024 Record updated