CVE-2019-10089 – org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=2.9.0 <2.11.0.m5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05158 pctl0.89493

Details

Cross-site scripting in Apache JSPWiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Metadata

Created: 2019-10-11T18:41:54Z
Modified: 2021-08-17T22:35:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-3rx2-x6mx-grj3/GHSA-3rx2-x6mx-grj3.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-3rx2-x6mx-grj3
Finding: F008
Auto approve: 1