CVE-2019-10089

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
4.4%
top 11.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Jspwiki
Timeline
PublishedSep 23
Latest updateOct 11

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Mavenorg.apache.jspwiki:jspwiki-war2.9.02.11.0.M5
NVDapache/jspwiki2.10.5+1
CVEListV5apache_jspwikiApache JSPWiki up to 2.11.0.M4

🔴Vulnerability Details

3
GHSA
Cross-site scripting in Apache JSPWiki2019-10-11
OSV
Cross-site scripting in Apache JSPWiki2019-10-11
CVEList
CVE-2019-10089: On Apache JSPWiki, up to version 22019-09-23
CVE-2019-10089 (MEDIUM CVSS 6.1) | On Apache JSPWiki | cvebase.io