Vulnerability Description
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Jspwiki | < 2.11.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/08/03/3Mailing ListThird Party Advisory
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369Vendor Advisory
- https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfhVendor Advisory
- http://www.openwall.com/lists/oss-security/2022/08/03/3Mailing ListThird Party Advisory
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369Vendor Advisory
- https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfhVendor Advisory
FAQ
What is CVE-2021-40369?
CVE-2021-40369 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's br...
How severe is CVE-2021-40369?
CVE-2021-40369 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40369?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Jspwiki.