HTTP: Apache JSPWiki WeblogPlugin And AJAXPreview.jsp Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against Apache JSPWiki WeblogPlugin. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later.
Affected Products
Apache jspwiki
Short Name
HTTP:APACHE:JSPWIKI-STRD-XSS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
AJAXPreview.jsp And Apache CVE-2022-28730 CVE-2022-28732 Cross-Site JSPWiki Scripting Stored WeblogPlugin
Release Date
10/06/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Apache