CVE-2022-28732
Apache JSPWiki XSS due to crafted request in WeblogPlugin
6.1
MEDIUM
CVSS 3.1
EPSS 8.6%
Description
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.
How to fix CVE-2022-28732
To remediate CVE-2022-28732, upgrade the affected package to a fixed version below.
- —upgrade to 2.11.3 or later
Is CVE-2022-28732 being exploited?
Moderate — EPSS is 8.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.11.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |