Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-12404 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404

Related Vulnerabilities

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-persistence-elasticsearch-core

CVE-2021-21694 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-45046 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2022-45064 Vulnerability in maven package org.apache.sling:org.apache.sling.engine

CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory