GHSA-gwfq-qwmp-x9xg

Source

https://github.com/advisories/GHSA-gwfq-qwmp-x9xg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-gwfq-qwmp-x9xg/GHSA-gwfq-qwmp-x9xg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gwfq-qwmp-x9xg

Aliases

CVE-2019-10087

Published

2019-10-11T18:41:50Z

Modified

2023-11-08T04:00:39.986181Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Apache JSPWiki

Details

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

Database specific

{
    "nvd_published_at": "2019-09-23T15:15:00Z",
    "github_reviewed_at": "2019-09-25T12:33:23Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-war

Package

Name: org.apache.jspwiki:jspwiki-war; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jspwiki/jspwiki-war

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.9.0

Fixed

2.11.0.M5

Affected versions

2.*

2.10.0

2.10.1

2.10.2

2.10.3

2.10.4

2.10.5

2.11.0.M1

2.11.0.M2

2.11.0.M3

2.11.0.M4

Database specific

{
    "last_known_affected_version_range": "<= 2.11.0.M4"
}