Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404

Related Vulnerabilities

CVE-2014-0227 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-29049 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds

CVE-2020-2136 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2020-16024 Vulnerability in npm package electron

CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory