CVE-2019-0224

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
2.4%
top 14.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache JspwikiApache Apache Jspwiki
Timeline
PublishedMar 28
Latest updateApr 2

Description

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Mavenorg.apache.jspwiki:jspwiki-main2.9.02.11.0.M3
NVDapache/jspwiki2.9.02.10.5+1
CVEListV5apache/apache_jspwikiApache JSPWiki 2.9.0 to 2.11.0.M2

🔴Vulnerability Details

3
OSV
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main2019-04-02
GHSA
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main2019-04-02
CVEList
CVE-2019-0224: In Apache JSPWiki 22019-03-28
CVE-2019-0224 (MEDIUM CVSS 6.1) | In Apache JSPWiki 2.9.0 to 2.11.0.M | cvebase.io