XSS vulnerability possible via a carefully crafted plugin link invocation

2019-10-11T18:41:54
ID GHSA-3RX2-X6MX-GRJ3
Type github
Reporter GitHub Advisory Database
Modified 2019-11-06T18:20:24

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.