CVE-2019-10087

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m2-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc2:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-23 15:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-10087

Mitre link : CVE-2019-10087

CVE.ORG link : CVE-2019-10087


JSON object : View

Products Affected

apache

  • jspwiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')