Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-12407 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407

Related Vulnerabilities

CVE-2023-33201 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk14

CVE-2022-36059 Vulnerability in npm package matrix-js-sdk

CVE-2022-25206 Vulnerability in maven package org.jenkins-ci.plugins:dbcharts

CVE-2019-10339 Vulnerability in maven package org.jenkins-ci.plugins:jx-resources

CVE-2022-43431 Vulnerability in maven package com.compuware.jenkins:compuware-strobe-measurement

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory