Cross-Site Scripting Vulnerability in Apache JSPWiki
CVE-2019-10089

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Jspwiki
Vendor: CVE Published:; 23 September 2019

What is CVE-2019-10089?

Apache JSPWiki versions up to 2.11.0.M4 are susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper handling of carefully crafted plugin link invocations. This vulnerability is associated with the WYSIWYG editor component, allowing an attacker to inject malicious JavaScript into a victim's browser. Such an attack could lead to unauthorized access to sensitive information from the victim, posing a significant threat to web application security.

Affected Version(s)

Apache JSPWiki Apache JSPWiki up to 2.11.0.M4

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2019
Vulnerability Reserved
Mar 26, 2019