Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407

Related Vulnerabilities

CVE-2021-22696 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2

CVE-2023-4301 Vulnerability in maven package org.jenkins-ci.plugins:fortify

CVE-2020-25802 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2016-1181 Vulnerability in maven package struts:struts

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_sjs1_2.13

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory