CVE-2022-28731

MEDIUM6.5EPSS 15.5%

Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

Published: 8/5/2022Modified: 11/8/2023

Description

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Affected packages (1)

Maven/org.apache.jspwiki:jspwiki-mainfrom 0, < 2.11.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-28731
PATCHhttps://github.com/apache/jspwiki
WEBhttps://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732