CVE-2019-10078
N/A
N/A
Summary
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache JSPWiki | Apache JSPWiki 2.9.0 to 2.11.0.M3 | affected |
Weaknesses
- Cross-site scripting vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c476299e7660d9%40%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/05/19/6
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
- https://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7c3028f1c314d7%40%3Cdev.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/108437
References
- https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c476299e7660d9%40%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/05/19/6
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
- https://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7c3028f1c314d7%40%3Cdev.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/108437
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.