Cross-Site Scripting Vulnerability in Apache JSPWiki Versions
CVE-2018-20242
6.1MEDIUM
Summary
A crafted URL can exploit an XSS vulnerability in Apache JSPWiki, affecting versions up to 2.10.5. This flaw may allow attackers to execute scripts in the context of another user's session, potentially leading to session hijacking and unauthorized access to sensitive information.
Affected Version(s)
Apache JSPWiki prior to 2.10.5
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved