Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the ReferredPagesPlugin and navigation breadcrumbs, to steal session tokens or perform unwanted actions on behalf of the user...