CVE-2019-12404 – org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=2.9.0 <2.11.0.m5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.05213 pctl0.89549

Details

Cross-site scripting in Apache JSPWiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Metadata

Created: 2019-10-11T18:41:59Z
Modified: 2021-08-17T22:37:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-7qmg-qg53-mrp8/GHSA-7qmg-qg53-mrp8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7qmg-qg53-mrp8
Finding: F008
Auto approve: 1