Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5

Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JavaScript on someone else's browser; only on its own browser.

Permalink: https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago


CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Percentage: 0.00267
EPSS Percentile: 0.67249

Identifiers: GHSA-fmpq-w5q6-9vf9, CVE-2019-0224
References:
Blast Radius: 7.9

Affected Packages

maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8
Dependent repositories: 20
Downloads:
Affected Version Ranges: >= 2.9.0, <= 2.11.0.M2
Fixed in: 2.11.0.M3
All affected versions: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2
All unaffected versions: