PT-2019-12788 · Apache · Apache Jspwiki

Publicado

2019-09-23

Atualizado

2019-10-11

CVE-2019-12404

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions up to 2.11.0.M4

Description A carefully crafted plugin link invocation could trigger an issue related to InfoContent.jsp, allowing an attacker to execute javascript in the victim's browser and potentially obtain sensitive information about the victim.

Recommendations For Apache JSPWiki versions up to 2.11.0.M4, consider disabling the plugin link invocation functionality until a patch is available. Restrict access to the InfoContent.jsp page to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-12404

GHSA-7QMG-QG53-MRP8

Produtos afetados

Apache Jspwiki

PT-2019-12788 · Apache · Apache Jspwiki

CVE-2019-12404

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5