CVE-2019-12404

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m2-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc2:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-23 15:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-12404

Mitre link : CVE-2019-12404

CVE.ORG link : CVE-2019-12404


JSON object : View

Products Affected

apache

  • jspwiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')