Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090

Related Vulnerabilities

CVE-2019-10293 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins

CVE-2023-33947 Vulnerability in maven package com.liferay.portal:release.portal.bom

CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

CVE-2020-17510 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-web-starter

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-osgi

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory