CVE-2019-12407 – org.apache.jspwiki:jspwiki-war

Package

Manager: maven
Name: org.apache.jspwiki:jspwiki-war
Vulnerable Version: >=0 <2.11.0.m5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.05213 pctl0.89549

Details

Cross-site Scripting in Apache JSPWiki In Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Metadata

Created: 2022-05-24T16:56:40Z
Modified: 2023-07-17T21:22:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p2r4-rpj8-m2p9/GHSA-p2r4-rpj8-m2p9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p2r4-rpj8-m2p9
Finding: F008
Auto approve: 1