CVE-2019-10078 org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=2.9.0 <2.11.0.m4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03815 (percentile: 0.8767)

Details

Cross-site Scripting in JSPWiki

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

Metadata

Created: 2019-06-06T15:29:29Z
Modified: 2021-08-04T20:00:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-hp5r-mhgp-56c9/GHSA-hp5r-mhgp-56c9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hp5r-mhgp-56c9
Finding: F008
Auto approve: 1