CVE-2022-46907

CVE-2022-46907: Apache JSPWiki: XSS Injection points in several plugins

Vendor Apache Software Foundation

Product Apache JSPWiki

Weakness CWE-79 · XSS

Published May 25, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Key dates

Disclosure timeline

May 25, 2023 CVE published

February 13, 2025 Record updated