CVE-2024-27136 – org.apache.jspwiki:jspwiki-main

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-main
Vulnerable Version: >=0 <2.12.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.34637 pctl0.96879

Details

Cross site scripting in Apache JSPWiki XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.

Metadata

Created: 2024-06-24T09:30:53Z
Modified: 2025-03-20T19:41:59Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-36gf-vpj2-j42w/GHSA-36gf-vpj2-j42w.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-36gf-vpj2-j42w
Finding: F008
Auto approve: 1