CVE-2019-0224 – org.apache.jspwiki:jspwiki-main
Package
Manager: maven
Name: org.apache.jspwiki:jspwiki-main
Vulnerable Version: >=2.9.0 <2.11.0.m3
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02548 (percentile: 0.84923)
Details
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main. In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JavaScript on someone else's browser; only on their own browser.
Metadata
Created: 2019-04-02T15:46:48Z
Modified: 2021-06-10T23:43:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-fmpq-w5q6-9vf9/GHSA-fmpq-w5q6-9vf9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fmpq-w5q6-9vf9
Finding: F008
Auto approve: 1