CVE-2019-0224

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 28 March 2019

Summary

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M2

References

https://lists.apache.org/thread.html/b4b4992a93d899050c11...

mailing-listx_refsource_MLIST

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224

x_refsource_CONFIRM

http://www.securityfocus.com/bid/107631

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2019
Vulnerability Reserved
Nov 14, 2018

.