CVE-2019-10089

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10089

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10089.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10089

Aliases

GHSA-3rx2-x6mx-grj3

Published

2019-09-23T15:15:10.420Z

Modified

2026-02-13T01:36:38.303478Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type: GIT
Repo: https://github.com/apache/jspwiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1b7f36e1ab997bcdc07f9f27f8ee8f692648411d

Affected versions

2.*

2.10.3

2.10.3-RC1

2.10.3-RC2

2.10.4

2.10.4-RC1

2.10.4-RC2

2.10.4-RC3

2.10.5

2.10.5-RC1

2.10.5-RC2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10089.json"