Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main · CVE-2019-0224 · GitHub Advisory Database · GitHub

Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main

Moderate severity GitHub Reviewed Published Apr 2, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

org.apache.jspwiki:jspwiki-main (Maven)

Affected versions

>= 2.9.0, <= 2.11.0.M2

Patched versions

2.11.0.M3

Description

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

References

Published to the GitHub Advisory Database Apr 2, 2019

Reviewed Jun 16, 2020

Last updated Jan 9, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N