oss-sec mailing list archives
[CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability
From: Juan Pablo Santos Rodríguez <juanpablo.santos () gmail com>
Date: Sun, 19 May 2019 18:06:34 +0200
[CVEID]:CVE-2019-10078 [PRODUCT]:Apache JSPWiki [VERSION]:Apache JSPWiki 2.9.0 to 2.11.0.M3 [PROBLEMTYPE]:Cross-site scripting vulnerability [REFERENCES]:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078 [DESCRIPTION]:A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
Current thread:
- [CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability Juan Pablo Santos Rodríguez (May 19)