Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JavaScript on someone else's browser; only on its own browser.
Permalink: https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00267
EPSS Percentile: 0.67249
Identifiers: GHSA-fmpq-w5q6-9vf9, CVE-2019-0224
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-0224
- https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/107631
Affected Packages
maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8
Dependent repositories: 20
Downloads:
Affected Version Ranges: >= 2.9.0, <= 2.11.0.M2
Fixed in: 2.11.0.M3
All affected versions: 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.0, 2.12.1, 2.12.2
All unaffected versions: