CVE-2022-27166: XSS vulnerability on XHRHtml2Markup.jsp in JSPWiki 2.11.2
First published: Thu Aug 04 2022(Updated: )
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | <2.11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-27166?
The severity of CVE-2022-27166 is medium with a CVSS score of 6.1.
How does CVE-2022-27166 affect Apache JSPWiki?
CVE-2022-27166 affects Apache JSPWiki up to and including version 2.11.2.
What type of vulnerability is CVE-2022-27166?
CVE-2022-27166 is an XSS (Cross-Site Scripting) vulnerability.
What is the potential impact of CVE-2022-27166?
CVE-2022-27166 could allow an attacker to execute javascript in the victim's browser and gain access to sensitive information.
Is there a fix available for CVE-2022-27166?
Upgrading to version 2.11.3 or above of Apache JSPWiki fixes the CVE-2022-27166 vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache jspwiki