CVE-2021-40369

XSS vulnerability on Denounce plugin

EPSS 3.3%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 3.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 nov 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.

Productos afectados

Apache Software Foundation · Apache JSPWiki

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369 https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh http://www.openwall.com/lists/oss-security/2022/08/03/3