CVE-2024-27136
Apache JSPWiki: Cross-site scripting vulnerability on upload page
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.2 or later.
XSS en la página de carga en Apache JSPWiki 2.12.1 y versiones anteriores permite al atacante ejecutar javascript en el navegador de la víctima y obtener información confidencial sobre la víctima. Los usuarios de Apache JSPWiki deben actualizar a 2.12.2 o posterior.
*Credits:
This issue was discovered by sonnh from Vietnam National Cyber security technology corporation
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-20 CVE Reserved
- 2024-06-24 CVE Published
- 2025-03-20 CVE Updated
- 2025-04-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2024-27136 | 2024-06-24 | |
| https://lists.apache.org/thread/gfms8gbncqqkj52p861b8fnsypwsl1d5 | 2024-06-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache JSPWiki Search vendor "Apache Software Foundation" for product "Apache JSPWiki" | <= 2.12.1 Search vendor "Apache Software Foundation" for product "Apache JSPWiki" and version " <= 2.12.1" | en |
Affected
| ||||||