GHSA-fmpq-w5q6-9vf9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-fmpq-w5q6-9vf9/GHSA-fmpq-w5q6-9vf9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fmpq-w5q6-9vf9
- Aliases
- Published
- 2019-04-02T15:46:48Z
- Modified
- 2023-11-08T04:00:31.969517Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
- Details
-
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:34:58Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-0224
- https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/107631
Affected packages
Maven / org.apache.jspwiki:jspwiki-main
Package
- Name
- org.apache.jspwiki:jspwiki-main
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.jspwiki/jspwiki-main