[MAVEN:GHSA-GWFQ-QWMP-X9XG] Cross-site scripting in Apache JSPWiki
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.jspwiki/jspwiki-war
|
>= 2.9.0, <= 2.11.0.M4 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.jspwiki/jspwiki-war
|
= 2.11.0.M5 |
- ID
- MAVEN:GHSA-GWFQ-QWMP-X9XG
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-gwfq-qwmp-x9xg
- Published
-
2019-10-11T18:41:50
(5 years ago) - Modified
-
2023-02-01T05:02:35
(19 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.jspwiki/jspwiki-war | org.apache.jspwiki |
jspwiki-war
|
>= 2.9.0 <= 2.11.0.M4 | |||
| Fixed | pkg:maven/org.apache.jspwiki/jspwiki-war | org.apache.jspwiki |
jspwiki-war
|
= 2.11.0.M5 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |