CVE-2022-24948: Apache JSPWiki Cross-site scripting vulnerability on User Preferences screen
First published: Fri Feb 25 2022(Updated: )
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | <2.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2022-24948.
What is the severity of CVE-2022-24948?
The severity of CVE-2022-24948 is medium, with a CVSS score of 6.1.
How does this vulnerability impact Apache JSPWiki?
This vulnerability could allow an attacker to execute JavaScript in the victim's browser and potentially gain access to sensitive information about the victim.
How can I protect my Apache JSPWiki installation from this vulnerability?
To protect your Apache JSPWiki installation, make sure to upgrade to a version above 2.11.2, as this vulnerability has been patched in later versions.
Where can I find more information about CVE-2022-24948?
You can find more information about CVE-2022-24948 on the Openwall mailing list and the Apache JSPWiki mailing list.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/apache
- canonical/apache jspwiki