CVE-2019-10087 – org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=2.9.0 <2.11.0.m5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05213 pctl0.89549

Details

Cross-site scripting in Apache JSPWiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Metadata

Created: 2019-10-11T18:41:50Z
Modified: 2021-08-17T22:34:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-gwfq-qwmp-x9xg/GHSA-gwfq-qwmp-x9xg.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-gwfq-qwmp-x9xg
Finding: F008
Auto approve: 1