Cross-Site Scripting Vulnerability in Apache JSPWiki Products
CVE-2019-0224

6.1MEDIUM

Key Information:

Vendor

Apache
Status
Apache Jspwiki
Vendor
CVE Published:
28 March 2019

What is CVE-2019-0224?

In Apache JSPWiki versions ranging from 2.9.0 to 2.11.0.M2, a cross-site scripting vulnerability exists whereby an attacker can craft a malicious URL that executes JavaScript in a victim's session. This vulnerability compromises the client's browsers, allowing the attacker to manipulate session data, yet it does not enable data storage on the server or affect the JSPWiki database. It is critical to address this vulnerability to enhance the security posture of web applications relying on JSPWiki.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/b4b4992a93d899050c11...
mailing-listx_refsource_MLIST
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
x_refsource_CONFIRM
http://www.securityfocus.com/bid/107631
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.