CVE-2022-46907
Apache JSPWiki vulnerable to cross-site scripting on several plugins
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 4.4%
Description
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.
How to fix CVE-2022-46907
To remediate CVE-2022-46907, upgrade each affected package to the fixed version listed below.
- —upgrade to 2.12.0 or later
- —upgrade to 2.12.0 or later
Is CVE-2022-46907 being exploited?
Low — EPSS is 4.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.12.0
- from 0, < 2.12.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |