CVE-2022-28731
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
6.5
MEDIUM
CVSS 3.1
EPSS 15.5%
Description
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
How to fix CVE-2022-28731
To remediate CVE-2022-28731, upgrade the affected package to a fixed version below.
- —upgrade to 2.11.3 or later
Is CVE-2022-28731 being exploited?
Moderate — EPSS is 15.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.11.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |