Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087

Related Vulnerabilities

CVE-2020-26882 Vulnerability in maven package com.typesafe.play:play

CVE-2022-35912 Vulnerability in maven package org.grails:grails-databinding

CVE-2020-2310 Vulnerability in maven package org.jenkins-ci.plugins:ansible

CVE-2019-1003031 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

CVE-2018-3820 Vulnerability in npm package kibana

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory