On Wed, Aug 3, 2022 at 10:46 PM Juan Pablo Santos Rodríguez <juanpa...@apache.org> wrote: > > Severity: moderate > > Description: > > A carefully crafted request on WeblogPlugin could trigger an XSS > vulnerability on Apache JSPWiki, which could allow the attacker to execute > javascript in the victim's browser and get some sensitive information about > the victim. > > Mitigation: > > Apache JSPWiki users should upgrade to 2.11.3 or later. > > Credit: > > This issue was discovered by Wang Ran, from JDArmy, @jd.com > > References: > > https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 >