Description
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Remediation
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
Related Vulnerabilities
CVE-2016-2141 Vulnerability in maven package org.jgroups:jgroups
CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-jaas
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-9491 Vulnerability in maven package org.apache.nifi:nifi-bootstrap
CVE-2017-4947 Vulnerability in maven package com.vmware.xenon:xenon-common