Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-28731

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Published

2022-08-04T07:15:07.557

Last Modified

2024-11-21T06:57:49.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	jspwiki	< 2.11.3	Yes

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 Not Applicable, Vendor Advisory ([email protected])
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 Not Applicable, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)