XSS Vulnerability in Apache JSPWiki Affecting Multiple Versions
CVE-2019-10090
6.1MEDIUM
Summary
A serious XSS vulnerability exists in Apache JSPWiki, specifically affecting versions up to 2.11.0.M4. This flaw allows attackers to craft malicious plugin links that, when invoked, can run arbitrary JavaScript in the user's browser. As a result, sensitive information about the victim can be compromised. Users and administrators should be aware of this vulnerability and consider upgrading to mitigate potential risks.
Affected Version(s)
Apache JSPWiki Apache JSPWiki up to 2.11.0.M4
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved