Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090

Related Vulnerabilities

CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

CVE-2018-1260 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

CVE-2012-3373 Vulnerability in maven package org.apache.wicket:wicket

CVE-2022-41932 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-33140 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-framework

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory