CVE-2018-20242

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions up to 2.10.5

Description The issue is related to a lack of protection measures for the web page structure in Apache JSPWiki, based on JSP technology. A carefully crafted URL could trigger a session hijacking issue. Exploitation of this issue may allow a remote attacker to perform a cross-site scripting attack using a specially crafted link.

Recommendations For Apache JSPWiki versions up to 2.10.5, consider disabling access to potentially vulnerable URLs as a temporary workaround until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation.