CVE-2024-27136

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

History

17 Oct 2024, 13:47

Type Values Removed Values Added
First Time Apache jspwiki
Apache
References () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136 - () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136 - Vendor Advisory
References () https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5 - () https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

24 Jun 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) XSS en la página de carga en Apache JSPWiki 2.12.1 y versiones anteriores permite al atacante ejecutar javascript en el navegador de la víctima y obtener información confidencial sobre la víctima. Los usuarios de Apache JSPWiki deben actualizar a 2.12.2 o posterior.

24 Jun 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-24 08:15

Updated : 2024-10-17 13:47


NVD link : CVE-2024-27136

Mitre link : CVE-2024-27136

CVE.ORG link : CVE-2024-27136


JSON object : View

Products Affected

apache

  • jspwiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')