GHSA-3rx2-x6mx-grj3

Source

https://github.com/advisories/GHSA-3rx2-x6mx-grj3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-3rx2-x6mx-grj3/GHSA-3rx2-x6mx-grj3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3rx2-x6mx-grj3

Aliases

CVE-2019-10089

Published

2019-10-11T18:41:54Z

Modified

2023-11-08T04:00:40.110660Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Apache JSPWiki

Details

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Database specific

{
    "nvd_published_at": "2019-09-23T15:15:00Z",
    "github_reviewed_at": "2019-09-25T12:33:32Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-war

Package

Name: org.apache.jspwiki:jspwiki-war; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jspwiki/jspwiki-war

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.9.0

Fixed

2.11.0.M5

Affected versions

2.*

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.11.0.M1

2.11.0.M2

2.11.0.M3

2.11.0.M4

Database specific

{
    "last_known_affected_version_range": "<= 2.11.0.M4"
}