oss-security - CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on upload page

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Date: Sun, 23 Jun 2024 21:31:24 +0200
From: Juan Pablo Santos Rodríguez <juanpablo@...che.org>
To: oss-security@...ts.openwall.com, announce@...che.org, 
	user@...wiki.apache.org, dev@...wiki.apache.org, 
	Sơn Nguyễn <son.nguyen3496@...il.com>
Subject: CVE-2024-27136: Apache JSPWiki: Cross-site scripting vulnerability on
 upload page

Severity: moderate

Affected versions:

- Apache JSPWiki through 2.12.1

Description:

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the
attacker to execute javascript in the victim's browser and get some
sensitive information about the victim.  Apache JSPWiki users should
upgrade to 2.12.2 or later.

Credit:

This issue was discovered by sonnh from Vietnam National Cyber
security technology corporation (finder)

References:

https://jspwiki.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-27136
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.