CVE-2019-0224

MEDIUM6.1EPSS 2.4%

Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main

Published: 4/2/2019Modified: 11/8/2023

Description

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

Affected packages (1)

Maven/org.apache.jspwiki:jspwiki-main>= 2.9.0, < 2.11.0.M3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (7)

ADVISORYhttps://github.com/advisories/GHSA-fmpq-w5q6-9vf9
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0224
WEBhttps://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
WEBhttps://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
WEBhttps://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
WEBhttps://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
WEBhttp://www.securityfocus.com/bid/107631