PT-2021-22880 · Apache · Apache Jspwiki

Map1E · Published 2021-11-24 · Updated 2022-11-09 · CVE-2021-40369

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.11.0
Description: A carefully crafted plugin link invocation could trigger an issue on Apache JSPWiki, related to the Denounce plugin, allowing the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.
Recommendations: For versions prior to 2.11.0, upgrade to 2.11.0 or later. As a temporary workaround, consider restricting the use of the Denounce plugin until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-40369
GHSA-CFQJ-9G2G-W7Q6

Affected Products

Apache Jspwiki