CVE-2019-0224
MEDIUM6.1EPSS 2.4%Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
發布日:2019/4/2修改日:2023/11/8
描述
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
受影響套件(1)
- Maven/org.apache.jspwiki:jspwiki-main>= 2.9.0, < 2.11.0.M3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(7)
- ADVISORYhttps://github.com/advisories/GHSA-fmpq-w5q6-9vf9
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0224
- WEBhttps://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
- WEBhttps://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
- WEBhttp://www.securityfocus.com/bid/107631