A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
References
Link | Resource |
---|---|
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 | Not Applicable Vendor Advisory |
Configurations
History
10 Aug 2022, 15:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-352 | |
First Time |
Apache
Apache jspwiki |
|
References | (MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 - Not Applicable, Vendor Advisory |
04 Aug 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-04 07:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-28731
Mitre link : CVE-2022-28731
CVE.ORG link : CVE-2022-28731
JSON object : View
Products Affected
apache
- jspwiki
CWE
CWE-352
Cross-Site Request Forgery (CSRF)