Cross-Site Scripting Vulnerability in Apache JSPWiki Affects Multiple Versions
CVE-2019-10077

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Apache Jspwiki
Vendor
CVE Published:
20 May 2019

Summary

A crafted InterWiki link in Apache JSPWiki versions 2.9.0 through 2.11.0.M3 can lead to a Cross-Site Scripting (XSS) vulnerability. This issue allows remote attackers to inject arbitrary web script or HTML, potentially resulting in session hijacking. Users interacting with the malicious link may expose their session cookies or other sensitive information, thereby compromising the security and integrity of their accounts. It is advised for users to upgrade to the latest patched version to mitigate any risks associated with this vulnerability.

Affected Version(s)

Apache JSPWiki Apache JSPWiki 2.9.0 to 2.11.0.M3

References

https://lists.apache.org/thread.html/aac253cfc33c0429b528...
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/05/19/5
mailing-listx_refsource_MLIST
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.