A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
{ "nvd_published_at": null, "github_reviewed_at": "2019-05-29T19:05:23Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }