In Apache JSPWiki up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability related to the remember parameter on some of the JSPs. This could allow an attacker to execute JavaScript in the victim's browser and obtain sensitive information about the victim.
References: GSA_kwCzR0hTQS1wMnI0LXJwajgtbTJwOc4AAiHq
Cross-site Scripting in Apache JSPWiki
Affected Packages | Affected Versions | Fixed Versions |
---|---|---|
maven:org.apache.jspwiki:jspwiki-main | < 2.11.0.M5 | 2.11.0.M5 |
maven:org.apache.jspwiki:jspwiki-war | < 2.11.0.M5 | 2.11.0.M5 |

All unaffected versions of maven:org.apache.jspwiki:jspwiki-main: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3

All unaffected versions of maven:org.apache.jspwiki:jspwiki-war: 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3