CVE-2019-10090

CVSS v3.1 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.19 % (56^th)

Affected Products 1

Advisories 1

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2019-09-23 16:15:14
(5 years ago)
Updated Date: 2019-09-23 19:29:04
(5 years ago)

Affected Products

Apache

Jspwiki

Configuration #1

	CPE23	Up To
Apache Jspwiki 2.10.5 and prior versions	cpe:2.3:a:apache:jspwiki	<= 2.10.5
Apache Jspwiki 2.11.0 M1	cpe:2.3:a:apache:jspwiki:2.11.0:m1
Apache Jspwiki 2.11.0 M1-rc1	cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc1
Apache Jspwiki 2.11.0 M1-rc2	cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc2
Apache Jspwiki 2.11.0 M1-rc3	cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc3
Apache Jspwiki 2.11.0 M2	cpe:2.3:a:apache:jspwiki:2.11.0:m2
Apache Jspwiki 2.11.0 M2-rc1	cpe:2.3:a:apache:jspwiki:2.11.0:m2-rc1
Apache Jspwiki 2.11.0 M3	cpe:2.3:a:apache:jspwiki:2.11.0:m3
Apache Jspwiki 2.11.0 M3-rc1	cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc1
Apache Jspwiki 2.11.0 M3-rc2	cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc2
Apache Jspwiki 2.11.0 M4	cpe:2.3:a:apache:jspwiki:2.11.0:m4
Apache Jspwiki 2.11.0 M4-rc1	cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc1
Apache Jspwiki 2.11.0 M4-rc2	cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc2