PT-2019-11198 · Apache · Apache Jspwiki

Muthukumar Marikani

Published

2019-03-28

Updated

2019-05-19

CVE-2019-0224

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions 2.9.0 through 2.11.0.M2

Description: A carefully crafted URL could execute javascript on another user's session, but this is limited to the attacker's own browser. The issue does not allow saving information on the server or the JSPWiki database, nor can it execute javascript on someone else's browser.

Recommendations: For Apache JSPWiki versions 2.9.0 through 2.11.0.M2, consider disabling javascript execution until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-0224

GHSA-FMPQ-W5Q6-9VF9

Affected Products

Apache Jspwiki

PT-2019-11198 · Apache · Apache Jspwiki

CVE-2019-0224

Weakness Enumeration

Related Identifiers

Affected Products

References · 13