oss-sec mailing list archives

CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page

From: Juan Pablo Santos Rodríguez <juanpablo () apache org>
Date: Sun, 23 Jun 2024 21:31:24 +0200

Severity: moderate

Affected versions:

- Apache JSPWiki through 2.12.1

Description:

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the
attacker to execute javascript in the victim's browser and get some
sensitive information about the victim.  Apache JSPWiki users should
upgrade to 2.12.2 or later.

Credit:

This issue was discovered by sonnh from Vietnam National Cyber
security technology corporation (finder)

References:

https://jspwiki.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27136
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136

Current thread:

CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page Juan Pablo Santos Rodríguez (Jun 23)