Lucene search

K

ApacheCVELIST:CVE-2019-10078

HistoryMay 20, 2019 - 8:50 p.m.

CVE-2019-10078

2019-05-2020:50:54

apache

www.cve.org

0.006 Low

EPSS

Percentile

79.1%

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

CNA Affected

[
  {
    "product": "Apache JSPWiki",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache JSPWiki 2.9.0 to 2.11.0.M3"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2019/05/19/6

www.securityfocus.com/bid/108437

jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078

lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c476299e7660d9%40%3Cdev.jspwiki.apache.org%3E

lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7c3028f1c314d7%40%3Cdev.jspwiki.apache.org%3E

lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E

0.006 Low

EPSS

Percentile

79.1%

Related for CVELIST:CVE-2019-10078

ubuntucve1 cve1 veracode1 prion1 nvd1 osv2 github1 openvas1