CVE-2019-10076

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

3.2%

top 13.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Jspwiki Apache Software Foundation Apache Jspwiki

Timeline

PublishedMay 20

Latest updateJun 6

Description

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶Mavenorg.apache.jspwiki:jspwiki-war2.9.0 — 2.11.0.M4

▶Mavenorg.apache.jspwiki:jspwiki-main2.9.0 — 2.11.0.M4

▶NVDapache/jspwiki2.9.0 — 2.11.0+1

▶CVEListV5apache_software_foundation/apache_jspwikiApache JSPWiki 2.9.0 to 2.11.0.M3

🔴Vulnerability Details

GHSA

Cross-Site Scripting in JSPWiki↗2019-06-06

▶

OSV

Cross-Site Scripting in JSPWiki↗2019-06-06

▶

CVEList

CVE-2019-10076: A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2↗2019-05-20

▶