Description
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089
Related Vulnerabilities
CVE-2020-16014 Vulnerability in npm package electron
CVE-2018-9159 Vulnerability in maven package com.sparkjava:spark-core
CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-proxy
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2015-7536 Vulnerability in maven package org.jenkins-ci.main:jenkins-core