List: oss-security
Subject: Re: [oss-security] [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPW
From: Juan_Pablo_Santos_Rodríguez <juanpablo.santos () gmail ! com>
Date: 2019-01-31 20:32:26
Message-ID: CAMufup4hyhhpgfsiEcmKY7u_vSueB=1WTK5NCShaep-wXP5pOQ () mail ! gmail ! com
Hi Henri,
the vulnerability announcement can be seen here
https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E
We've also documented it at
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2018-20242
Please do let me know if something else is needed.
best regards,
juan pablo
On Thu, Jan 31, 2019 at 9:39 AM Henri Salo <henri@nerv.fi> wrote:
> On Wed, Jan 30, 2019 at 09:01:43PM +0100, Juan Pablo Santos Rodríguez
> wrote:
> > Versions Affected: Apache JSPWiki up to 2.10.5
> >
> > Description:
> > A carefully crafted URL could trigger an XSS vulnerability on Apache
> > JSPWiki, which could lead to session hijacking.
> >
> > Mitigation:
> > Apache JSPWiki users should upgrade to 2.11.0.M1 or later.
> >
> > Credit:
> > This issue was discovered by Jamie Parfet.
>
> Do you have any Apache reference URLs for this issue?
>
> --
> Henri Salo
>