A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2019/05/19/6 - | |
References | () http://www.securityfocus.com/bid/108437 - | |
References | () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078 - Vendor Advisory | |
References | () https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c476299e7660d9%40%3Cdev.jspwiki.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7c3028f1c314d7%40%3Cdev.jspwiki.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E - |
Information
Published : 2019-05-20 21:29
Updated : 2024-11-21 04:18
NVD link : CVE-2019-10078
Mitre link : CVE-2019-10078
CVE.ORG link : CVE-2019-10078
JSON object : View
Products Affected
apache
- jspwiki
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')