CVE-2022-24947
Apache JSPWiki CSRF Account Takeover
Vexday Risk Score
3 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS: — · EPSS: 1.1% · KEV: no · PoC: — · Nuclei: — · Metasploit: — · Patch: —
Lifecycle
25 Feb 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
Affected products
Apache Software Foundation · Apache JSPWiki