Cross-Site Scripting Vulnerability in Apache JSPWiki by Apache
CVE-2019-10076

6.1MEDIUM

Key Information:

Vendor

Apache
Status
Apache Jspwiki
Vendor
CVE Published:
20 May 2019

What is CVE-2019-10076?

A maliciously crafted attachment can exploit a vulnerability in Apache JSPWiki versions 2.9.0 to 2.11.0.M3, which may enable attackers to perform cross-site scripting (XSS) attacks. This could allow unauthorized actors to execute arbitrary scripts in the context of the user's session, leading to serious repercussions such as session hijacking and unauthorized access to user data.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M3

References

https://lists.apache.org/thread.html/aac253cfc33c0429b528...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/05/19/4
mailing-listx_refsource_MLIST
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.