Is CVE-2022-28731 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Jspwiki

CVE-2022-28731

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password requ…

EPSS: 0.563 (98.9th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Jspwiki — versions Apache JSPWiki

Public proof-of-concept exploits

ARPSyndicate/cve-scores
muneebaashiq/MBProjects

References

jspwiki-wiki.apache.org/Wiki.jsp (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-28731?: CVE-2022-28731 is a vulnerability in Apache Software Foundation Jspwiki. Published 2022-08-04.
Is CVE-2022-28731 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.