Every CVE whose affected-product data names Apache Jspwiki, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2021-44140 — CVSS 9.1 (critical): Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted…
CVE-2022-34158 — CVSS 8.8 (high): A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a…
CVE-2022-24947 — CVSS 8.8 (high): Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade…
CVE-2019-0225 — CVSS 7.5 (high): A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2…
CVE-2025-24853 — CVSS 7.5 (high): A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript…
CVE-2022-28731 — CVSS 6.5 (medium): A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow…
CVE-2019-10089 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-10090 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-12404 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-12407 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2021-40369 — CVSS 6.1 (medium): A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which…
CVE-2022-24948 — CVSS 6.1 (medium): A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences…
CVE-2022-27166 — CVSS 6.1 (medium): A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which…
CVE-2022-28730 — CVSS 6.1 (medium): A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to…
CVE-2022-28732 — CVSS 6.1 (medium): A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute…
CVE-2022-46907 — CVSS 6.1 (medium): A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker…
CVE-2024-27136 — CVSS 6.1 (medium): XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some…
CVE-2018-20242 — CVSS 6.1 (medium): A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session…
CVE-2025-24854 — CVSS 6.1 (medium): A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to…
CVE-2019-0224 — CVSS 6.1 (medium): In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be…
CVE-2019-10076 — CVSS 6.1 (medium): A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to…
CVE-2019-10077 — CVSS 6.1 (medium): A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session…
CVE-2019-10078 — CVSS 6.1 (medium): A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to…
CVE-2019-10087 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…