CVE-2019-10078

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions 2.9.0 through 2.11.0.M3

Description: A carefully crafted plugin link invocation could trigger a security issue on the mentioned software, potentially leading to session hijacking. The issue was initially reported in the ReferredPagesPlugin but was found to affect multiple plugins.

Recommendations: For Apache JSPWiki versions 2.9.0 through 2.11.0.M3, consider disabling the vulnerable plugins until a patch is available. Restrict access to the plugin link invocation functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.