[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability
From: Juan_Pablo_Santos_RodrÃguez <juanpablo.santos () gmail ! com>
Date: 2019-05-19 16:06:34
Message-ID: CAMufup48w0bHkdw05t80d+xP7Z7vHKnEkAJ6uS+8UQbn8=ODew () mail ! gmail ! com
[Download RAW message or body]
[CVEID]:CVE-2019-10078
[PRODUCT]:Apache JSPWiki
[VERSION]:Apache JSPWiki 2.9.0 to 2.11.0.M3
[PROBLEMTYPE]:Cross-site scripting vulnerability
[REFERENCES]:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
[DESCRIPTION]:A carefully crafted plugin link invocation could trigger an
XSS vulnerability on Apache JSPWiki, which could lead to session
hijacking. Initial reporting indicated ReferredPagesPlugin, but further
analysis showed that multiple plugins were vulnerable.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic