CVE-2019-0224

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-0224
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0224.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0224
Aliases
Published
2019-03-28T21:29:00.243Z
Modified
2026-04-10T04:08:29.194783Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
7eaed006f8585a3be13508ccc66e316687194f8d
Last affected
1b7f36e1ab997bcdc07f9f27f8ee8f692648411d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a4655648021b23c07e66ab366bed0d7fecc9fb2a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca56f9cd57d680f526841d112ea56e46d4f3f2fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Database specific 
{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.10.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone1\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone1\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone1\\-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-milestone2\\-rc1"
        }
    ]
}

Affected versions

2.*
2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0224.json"