Apache JSPWiki 2.11.2 CSRF via UserPreferences.jsp
CVE-2022-28731 Published on August 4, 2022
Apache JSPWiki CSRF in UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then issue a password reset request from the login page.
Products Associated with CVE-2022-28731
Affected Versions
Apache Software Foundation Apache JSPWiki: versions up to and including 2.11.2 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.