CVE-2022-46907
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Apache JSPWiki vulnerable to cross-site scripting on several plugins
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.jspwiki:jspwiki-main | <2.12.0 | 2.12.0 |
| Maven | org.apache.jspwiki:jspwiki-war | <2.12.0 | 2.12.0 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-46907
- https://github.com/apache/jspwiki/commit/0b9a0149032170063f22d65e335dfd317db815ea
- https://github.com/apache/jspwiki/commit/46e1ef7a595ca5cabf5ef184139910413f2024fc
- https://github.com/apache/jspwiki/commit/484c6a133e397693991b7c9a9b62ef3ca48ce707
- https://github.com/apache/jspwiki/commit/75019d337f1d0033b1f65428e75f43baeffd99dd
- https://github.com/apache/jspwiki/commit/82be08904a6d8bd22fa2d4e5a7e85f43408724d3
- https://github.com/apache/jspwiki/commit/9d6dbf911d52d724297e4e46c4b80649fb028ff9
- https://github.com/apache/jspwiki/commit/df20770f251a8d7431047e556b144ef24ee6a3a7
- https://github.com/apache/jspwiki
- https://github.com/apache/jspwiki/blob/37bf55373ed5a739a388a720163cf51d1104537f/ChangeLog.md?plain=1#L112
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-46907
- https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504
- http://www.openwall.com/lists/oss-security/2023/05/25/1