cve/2022/CVE-2022-28732.md

### [CVE-2022-28732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28732)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20JSPWiki&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20JSPWiki%3C%3D%20Apache%20JSPWiki%20up%20to%202.11.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=XSS&color=brighgreen)

### Description

A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/muneebaashiq/MBProjects
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-28732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28732)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20JSPWiki&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=Apache%20JSPWiki%3C%3D%20Apache%20JSPWiki%20up%20to%202.11.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=XSS&color=brighgreen)`

			`### Description`

			`A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/muneebaashiq/MBProjects`