CVE-2019-12407

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions up to 2.11.0.M4

Description The issue allows an attacker to execute javascript in the victim's browser and get some sensitive information about the victim through a carefully crafted plugin link invocation, related to the remember parameter on some of the JSPs.

Recommendations For Apache JSPWiki versions up to 2.11.0.M4, as a temporary workaround, consider restricting access to the remember parameter in the affected JSPs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.