CVE-2019-12404

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
6.1MEDIUM
EPSS
4.4%
top 10.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Jspwiki
Timeline
PublishedSep 23
Latest updateOct 11

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Mavenorg.apache.jspwiki:jspwiki-war2.9.02.11.0.M5
NVDapache/jspwiki2.10.5+1
CVEListV5apache_jspwikiApache JSPWiki up to 2.11.0.M4

🔴Vulnerability Details

3
GHSA
Cross-site scripting in Apache JSPWiki2019-10-11
OSV
Cross-site scripting in Apache JSPWiki2019-10-11
CVEList
CVE-2019-12404: On Apache JSPWiki, up to version 22019-09-23

💬Community

1
Bugzilla
CVE-2018-12404 nss: Cache side-channel variant of the Bleichenbacher attack2018-12-10
CVE-2019-12404 (MEDIUM CVSS 6.1) | On Apache JSPWiki | cvebase.io