CVE-2021-40369: XSS vulnerability on Denounce plugin
First published: Wed Nov 24 2021(Updated: )
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | <2.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40369?
CVE-2021-40369 is a vulnerability in Apache JSPWiki that allows an attacker to trigger an XSS vulnerability through a carefully crafted plugin link invocation.
How does CVE-2021-40369 work?
CVE-2021-40369 works by exploiting a vulnerability in the Denounce plugin of Apache JSPWiki, allowing the attacker to execute malicious JavaScript in the victim's browser and obtain sensitive information.
What is the severity of CVE-2021-40369?
The severity of CVE-2021-40369 is medium with a CVSS score of 6.1.
How can I fix CVE-2021-40369?
To fix CVE-2021-40369, Apache JSPWiki users should upgrade to version 2.11.0 or later.
Where can I find more information about CVE-2021-40369?
More information about CVE-2021-40369 can be found on the Apache JSPWiki website and the OSS Security mailing list.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache jspwiki