CVE-2021-40369 – org.apache.jspwiki:jspwiki-main

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-main
Vulnerable Version: >=0 <2.11.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.14806 pctl0.9427

Details

Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.

Metadata

Created: 2021-12-02T17:49:14Z
Modified: 2022-08-11T14:51:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-cfqj-9g2g-w7q6/GHSA-cfqj-9g2g-w7q6.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-cfqj-9g2g-w7q6
Finding: F008
Auto approve: 1