Apache JSPWiki

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-24854
< 2.12.3
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the at
6.1 MEDIUM
CVE-2025-24853
< 2.12.3
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute j
7.5 HIGH
CVE-2024-27136
< 2.12.2
XSS in Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute javascript in the victim's browser and get s
6.1 MEDIUM
CVE-2022-46907
< 2.12.0
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the
6.1 MEDIUM
CVE-2022-34158
< 2.11.3
A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which coul
8.8 HIGH
CVE-2022-28732
< 2.11.3
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker t
6.1 MEDIUM
CVE-2022-28731
< 2.11.3
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which coul
6.5 MEDIUM
CVE-2022-28730
< 2.11.3
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacke
6.1 MEDIUM
CVE-2022-27166
< 2.11.3
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2,
6.1 MEDIUM
CVE-2022-24948
< 2.11.2
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user pref
6.1 MEDIUM
CVE-2022-24947
< 2.11.2
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users shoul
8.8 HIGH
CVE-2021-44140
< 2.11.0
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully
9.1 CRITICAL
CVE-2021-40369
< 2.11.0
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, w
6.1 MEDIUM
CVE-2019-12407
<= 2.10.5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apach
6.1 MEDIUM
CVE-2019-10090
<= 2.10.5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apach
6.1 MEDIUM
CVE-2019-12404
<= 2.10.5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apach
6.1 MEDIUM
CVE-2019-10089
<= 2.10.5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apach
6.1 MEDIUM
CVE-2019-10087
<= 2.10.5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apach
6.1 MEDIUM
CVE-2019-10078
>= 2.9.0 and <= 2.11.0
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could le
6.1 MEDIUM
CVE-2019-10077
>= 2.9.0 and <= 2.11.0
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to se
6.1 MEDIUM
CVE-2019-10076
>= 2.9.0 and <= 2.11.0
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead
6.1 MEDIUM
CVE-2019-0225
>= 2.9.0 and < 2.11.0
A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.
7.5 HIGH
CVE-2019-0224
>= 2.9.0 and <= 2.10.5
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information c
6.1 MEDIUM
CVE-2018-20242
<= 2.10.5
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to sess
6.1 MEDIUM
CVE-2008-1231
all versions
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitr
CVE-2008-1230
all versions
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp
CVE-2008-1229
all versions
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary we
CVE-2007-5121
all versions
Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML vi
CVE-2007-5120
all versions
Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary
CVE-2007-5119
all versions
JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain sensitive information (full path) via an invalid integer in the
CVE-2004-1544
all versions
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbit
threatengine.sh