CVE-2024-27136

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
44.8%
top 2.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache JspwikiApache Software Foundation Apache Jspwiki
Timeline
PublishedJun 24

Description

XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDapache/jspwiki< 2.12.2

🔴Vulnerability Details

3
OSV
Cross site scripting in Apache JSPWiki2024-06-24
CVEList
Apache JSPWiki: Cross-site scripting vulnerability on upload page2024-06-24
GHSA
Cross site scripting in Apache JSPWiki2024-06-24
CVE-2024-27136 (MEDIUM CVSS 6.1) | XSS in Upload page in Apache JSPWik | cvebase.io