Vulnerability Details CVE-2021-40369
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2022/08/03/3
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
- https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
- http://www.openwall.com/lists/oss-security/2022/08/03/3
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369
- https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh
Products affected by CVE-2021-40369
-
cpe:2.3:a:apache:jspwiki:-
-
cpe:2.3:a:apache:jspwiki:1.4.0
-
cpe:2.3:a:apache:jspwiki:1.5.0
-
cpe:2.3:a:apache:jspwiki:1.5.5
-
cpe:2.3:a:apache:jspwiki:1.5.7
-
cpe:2.3:a:apache:jspwiki:1.6.0
-
cpe:2.3:a:apache:jspwiki:1.6.11
-
cpe:2.3:a:apache:jspwiki:1.6.12
-
cpe:2.3:a:apache:jspwiki:1.7.0
-
cpe:2.3:a:apache:jspwiki:1.8.0
-
cpe:2.3:a:apache:jspwiki:1.8.2
-
cpe:2.3:a:apache:jspwiki:2.0.0
-
cpe:2.3:a:apache:jspwiki:2.0.14
-
cpe:2.3:a:apache:jspwiki:2.0.32
-
cpe:2.3:a:apache:jspwiki:2.0.36
-
cpe:2.3:a:apache:jspwiki:2.0.39
-
cpe:2.3:a:apache:jspwiki:2.0.45
-
cpe:2.3:a:apache:jspwiki:2.10.0
-
cpe:2.3:a:apache:jspwiki:2.10.1
-
cpe:2.3:a:apache:jspwiki:2.10.2
-
cpe:2.3:a:apache:jspwiki:2.10.3
-
cpe:2.3:a:apache:jspwiki:2.10.4
-
cpe:2.3:a:apache:jspwiki:2.10.5
-
cpe:2.3:a:apache:jspwiki:2.2.13
-
cpe:2.3:a:apache:jspwiki:2.2.14
-
cpe:2.3:a:apache:jspwiki:2.2.16
-
cpe:2.3:a:apache:jspwiki:2.2.19
-
cpe:2.3:a:apache:jspwiki:2.2.20
-
cpe:2.3:a:apache:jspwiki:2.2.26
-
cpe:2.3:a:apache:jspwiki:2.2.28
-
cpe:2.3:a:apache:jspwiki:2.2.33
-
cpe:2.3:a:apache:jspwiki:2.3.50
-
cpe:2.3:a:apache:jspwiki:2.4.0
-
cpe:2.3:a:apache:jspwiki:2.4.100
-
cpe:2.3:a:apache:jspwiki:2.4.102
-
cpe:2.3:a:apache:jspwiki:2.4.103
-
cpe:2.3:a:apache:jspwiki:2.4.104
-
cpe:2.3:a:apache:jspwiki:2.4.15
-
cpe:2.3:a:apache:jspwiki:2.4.56
-
cpe:2.3:a:apache:jspwiki:2.4.69
-
cpe:2.3:a:apache:jspwiki:2.4.71
-
cpe:2.3:a:apache:jspwiki:2.4.87
-
cpe:2.3:a:apache:jspwiki:2.5.124
-
cpe:2.3:a:apache:jspwiki:2.5.139
-
cpe:2.3:a:apache:jspwiki:2.5.79
-
cpe:2.3:a:apache:jspwiki:2.5.93
-
cpe:2.3:a:apache:jspwiki:2.6.0
-
cpe:2.3:a:apache:jspwiki:2.6.1
-
cpe:2.3:a:apache:jspwiki:2.6.2
-
cpe:2.3:a:apache:jspwiki:2.6.3
-
cpe:2.3:a:apache:jspwiki:2.6.4
-
cpe:2.3:a:apache:jspwiki:2.8.0
-
cpe:2.3:a:apache:jspwiki:2.8.1
-
cpe:2.3:a:apache:jspwiki:2.8.2
-
cpe:2.3:a:apache:jspwiki:2.8.3
-
cpe:2.3:a:apache:jspwiki:2.8.4
-
cpe:2.3:a:apache:jspwiki:2.9.0
-
cpe:2.3:a:apache:jspwiki:2.9.1