jspwiki-war is vulnerable to cross-site scripting (XSS). The remember
parameter in preview.jsp
was not handled properly to escape malicious script injection, allowing to trigger the attack through it.
CPE | Name | Operator | Version |
---|---|---|---|
apache jspwiki main war | le | 2.11.0.M4 |