CVE-2019-10078

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10078
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10078.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10078
Aliases
Published
2019-05-20T21:29:00.877Z
Modified
2026-04-10T04:11:44.825870Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
7eaed006f8585a3be13508ccc66e316687194f8d
Last affected
b9c3d919beee3a73ffd87cde5021327d3a6544a5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a4655648021b23c07e66ab366bed0d7fecc9fb2a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ca56f9cd57d680f526841d112ea56e46d4f3f2fa
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7d36c03d534201d044b1f5572b08478f681a39d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d48bcef107a14dd07ecd830ab817b8df796082a4
Database specific 
{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m1\\.rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-m2\\-rc1"
        }
    ]
}

Affected versions

2.*
2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0
2.11.0-RC1
2.11.0-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1
2.11.0.M3
2.11.0.M3-RC1
2.11.0.M3-RC2
2.11.0.M4
2.11.0.M4-RC1
2.11.0.M4-RC2
2.11.0.M5
2.11.0.M5-RC1
2.11.0.M5-RC2
2.11.0.M5-RC3
2.11.0.M6
2.11.0.M6-RC1
2.11.0.M7
2.11.0.M7-RC1
2.11.0.M8
2.11.0.M8-RC1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10078.json"