Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4eDItZnAzOS1yZjNy

Moderate EPSS: 0.03224% (0.86507 Percentile) EPSS:
Permalink JSON

Cross-Site Scripting in JSPWiki

Affected Packages Affected Versions Fixed Versions
maven:org.apache.jspwiki:jspwiki-main >= 2.9.0, <= 2.11.0.M3 2.11.0.M4
8 Dependent packages
20 Dependent repositories

Affected Version Ranges

All affected versions

2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3

All unaffected versions
maven:org.apache.jspwiki:jspwiki-war >= 2.9.0, <= 2.11.0.M3 2.11.0.M4
5 Dependent packages
22 Dependent repositories

Affected Version Ranges

All affected versions

2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.10.4, 2.10.5, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2, 2.12.3

All unaffected versions

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

References:

Identifiers

GHSA-cxx2-fp39-rf3r

CVE-2019-10076

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.03224

EPSS Percentile: 0.86507

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 6 years ago

Updated

almost 3 years ago

API

JSON