CVE-2019-0224

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions 2.9.0 through 2.11.0.M2

Description: A carefully crafted URL could execute javascript on another user's session, but this is limited to the attacker's own browser. The issue does not allow saving information on the server or the JSPWiki database, nor can it execute javascript on someone else's browser.

Recommendations: For Apache JSPWiki versions 2.9.0 through 2.11.0.M2, consider disabling javascript execution until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.