Is CVE-2022-27166 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Jspwiki

CVE-2022-27166

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive informat…

EPSS: 0.853 (99.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Jspwiki — versions Apache JSPWiki

Public proof-of-concept exploits

ARPSyndicate/cve-scores
muneebaashiq/MBProjects

References

jspwiki-wiki.apache.org/Wiki.jsp (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-27166?: CVE-2022-27166 is a vulnerability in Apache Software Foundation Jspwiki. Published 2022-08-04.
Is CVE-2022-27166 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.