6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-28730

GHSA ID

GHSA-ggjq-8c4c-68r5

EPSS Score

0.97262%

CWE

CWE-79

Published

8/5/2022

Updated

1/31/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-28730

CVE-2022-28730: Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-28730

GHSA ID

GHSA-ggjq-8c4c-68r5

EPSS Score

0.97262%

CWE

CWE-79

Published

8/5/2022

Updated

1/31/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.jspwiki:jspwiki-main	maven	< 2.11.3	2.11.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the DenouncePlugin's handling of user-controlled URLs, as explicitly referenced in both CVE descriptions. The AJAXPreview.jsp endpoint is the attack vector, but the root cause is the plugin's rendering logic. The previous CVE-2021-40369 involved similar insufficient sanitization in this plugin, and the advisory confirms the patch was incomplete. While exact code isn't available, the pattern matches classic XSS vulnerabilities in plugin rendering methods that handle untrusted input without proper escaping.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* **r**ully *r**t** r*qu*st on *J*XPr*vi*w.jsp *oul* tri***r *n XSS vuln*r**ility on *p**** JSPWiki, w*i** *oul* *llow t** *tt**k*r to *x**ut* j*v*s*ript in t** vi*tim's *rows*r *n* **t som* s*nsitiv* in*orm*tion **out t** vi*tim. T*is vuln*r**ility

Reasoning

T** vuln*r**ility st*ms *rom t** **noun**Plu*in's **n*lin* o* us*r-*ontroll** URLs, *s *xpli*itly r***r*n*** in *ot* *V* **s*riptions. T** `*J*XPr*vi*w.jsp` *n*point is t** *tt**k v**tor, *ut t** root **us* is t** plu*in's r*n**rin* lo*i*. T** pr*vio

6.1

Basic Information

Concerned about an active attack path?

CVE-2022-28730: Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI