Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087

Related Vulnerabilities

CVE-2019-1003064 Vulnerability in maven package org.jenkins-ci.plugins:aws-device-farm

CVE-2018-15801 Vulnerability in maven package org.springframework.security:spring-security-oauth2-jose

CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2013-5855 Vulnerability in maven package javax.faces:jsf-impl

CVE-2017-12634 Vulnerability in maven package org.apache.camel:camel-castor

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory