HTTP: Apache JSPWiki XHRHtml2Markup.jsp Reflected Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against Apache JSPWiki. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Affected Products
Apache jspwiki
Short Name
HTTP:XSS:APACHE-JSPWIKI
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2022-27166 Cross-Site JSPWiki Reflected Scripting XHRHtml2Markup.jsp
Release Date
09/21/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3528
False Positive
Unknown
Vendors
Apache