Description
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
Related Vulnerabilities
CVE-2023-38493 Vulnerability in maven package com.linecorp.armeria:armeria
CVE-2019-16303 Vulnerability in npm package generator-jhipster
CVE-2011-2487 Vulnerability in maven package org.apache.cxf:cxf
CVE-2023-30529 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc