CVE-2019-10076

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10076
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10076.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10076
Aliases
Published
2019-05-20T21:29:00.753Z
Modified
2026-04-10T04:11:44.754628Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
7eaed006f8585a3be13508ccc66e316687194f8d
Last affected
b9c3d919beee3a73ffd87cde5021327d3a6544a5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a4655648021b23c07e66ab366bed0d7fecc9fb2a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca56f9cd57d680f526841d112ea56e46d4f3f2fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Database specific 
{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\.rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m2\\-rc1"
        }
    ]
}

Affected versions

2.*
2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0
2.11.0-RC1
2.11.0-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1
2.11.0.M3
2.11.0.M3-RC1
2.11.0.M3-RC2
2.11.0.M4
2.11.0.M4-RC1
2.11.0.M4-RC2
2.11.0.M5
2.11.0.M5-RC1
2.11.0.M5-RC2
2.11.0.M5-RC3
2.11.0.M6
2.11.0.M6-RC1
2.11.0.M7
2.11.0.M7-RC1
2.11.0.M8
2.11.0.M8-RC1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10076.json"