Description
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090
Related Vulnerabilities
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory
CVE-2023-20863 Vulnerability in maven package org.springframework:spring-expression
CVE-2023-40176 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2022-4116 Vulnerability in maven package io.quarkus:quarkus-vertx-http-deployment