Apache JSPWiki is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser via a malicious InterWiki link to steal session tokens or perform unwanted actions on behalf of the user.
CPE | Name | Operator | Version |
---|---|---|---|
apache jspwiki main jar | le | 2.11.0.M3 | |
apache jspwiki main jar | le | 2.11.0.M3 |