PT-2019-12789 · Apache · Apache Jspwiki

Published

2019-09-23

Updated

2022-05-24

CVE-2019-12407

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions up to 2.11.0.M4

Description The issue allows an attacker to execute javascript in the victim's browser and get some sensitive information about the victim through a carefully crafted plugin link invocation, related to the remember parameter on some of the JSPs.

Recommendations For Apache JSPWiki versions up to 2.11.0.M4, as a temporary workaround, consider restricting access to the remember parameter in the affected JSPs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-12407

GHSA-P2R4-RPJ8-M2P9

Affected Products

Apache Jspwiki

PT-2019-12789 · Apache · Apache Jspwiki

CVE-2019-12407

Weakness Enumeration

Related Identifiers

Affected Products

References · 6