CVE-2019-10078

Summary

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache JSPWikiApache JSPWiki 2.9.0 to 2.11.0.M3affected

Weaknesses

  • Cross-site scripting vulnerability

ADP Enrichment

CVE Program Container

Additional References

References