CVE-2019-12407

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-12407

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12407.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12407

Aliases

GHSA-p2r4-rpj8-m2p9

Published

2019-09-23T16:15:14.977Z

Modified

2026-02-13T01:37:26.424895Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type: GIT
Repo: https://github.com/apache/jspwiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1b7f36e1ab997bcdc07f9f27f8ee8f692648411d

Affected versions

2.*

2.10.3

2.10.3-RC1

2.10.3-RC2

2.10.4

2.10.4-RC1

2.10.4-RC2

2.10.4-RC3

2.10.5

2.10.5-RC1

2.10.5-RC2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12407.json"