CVE-2022-28731
published 2022-08-04


Priority: P3 51
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 56.26% (98.9th percentile)

A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then make a reset password request from the login page.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apache | jspwiki | < 2.11.3 | 2.11.3 |
| apache_software_foundation | apache_jspwiki | Apache JSPWiki – Apache JSPWiki up to 2.11.2 | |