jspwiki-main is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the startDay
attribute in the execute
function of WeblogPlugin.java
, allowing an attacker to inject and execute malicious javascript through the maliciously crafted WeblogPlugin
request.