CVE-2022-27166
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
6.1
MEDIUM
CVSS 3.1
EPSS 17.5%
Description
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Version 2.11.3 contains a fix for the problem.
How to fix CVE-2022-27166
To remediate CVE-2022-27166, upgrade the affected package to a fixed version below.
- Upgrade to 2.11.3 or later
Is CVE-2022-27166 being exploited?
Moderate — EPSS is 17.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.11.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |