[MAVEN:GHSA-HP5R-MHGP-56C9] Cross-site Scriptin in JSPWiki
Severity
Moderate
Affected Packages
2
Fixed Packages
2
CVEs
1
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.jspwiki/jspwiki-war
|
>= 2.9.0, <= 2.11.0.M3 |
|
pkg:maven/org.apache.jspwiki/jspwiki-main
|
>= 2.9.0, <= 2.11.0.M3 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.jspwiki/jspwiki-war
|
= 2.11.0.M4 |
|
pkg:maven/org.apache.jspwiki/jspwiki-main
|
= 2.11.0.M4 |
- ID
- MAVEN:GHSA-HP5R-MHGP-56C9
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-hp5r-mhgp-56c9
- Published
-
2019-06-06T15:29:29
(5 years ago) - Modified
-
2023-02-01T05:01:57
(19 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.apache.jspwiki/jspwiki-war | org.apache.jspwiki |
jspwiki-war
|
>= 2.9.0 <= 2.11.0.M3 | |||
| Fixed | pkg:maven/org.apache.jspwiki/jspwiki-war | org.apache.jspwiki |
jspwiki-war
|
= 2.11.0.M4 | |||
| Affected | pkg:maven/org.apache.jspwiki/jspwiki-main | org.apache.jspwiki |
jspwiki-main
|
>= 2.9.0 <= 2.11.0.M3 | |||
| Fixed | pkg:maven/org.apache.jspwiki/jspwiki-main | org.apache.jspwiki |
jspwiki-main
|
= 2.11.0.M4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |