CVE-2019-10078

MEDIUM6.1EPSS 3.0%

Cross-site Scriptin in JSPWiki

Published: 6/6/2019Modified: 11/8/2023

Description

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

Affected packages (2)

Maven/org.apache.jspwiki:jspwiki-main>= 2.9.0, < 2.11.0.M4
Maven/org.apache.jspwiki:jspwiki-war>= 2.9.0, < 2.11.0.M4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10078
WEBhttps://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078