CVE-2019-0224

EUVD-2019-0416
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
apachejspwiki
2.9.0 ≤
𝑥
≤ 2.10.5
apachejspwiki
2.11.0:milestone1
apachejspwiki
2.11.0:milestone1-rc1
apachejspwiki
2.11.0:milestone1-rc2
apachejspwiki
2.11.0:milestone1-rc3
apachejspwiki
2.11.0:milestone2
apachejspwiki
2.11.0:milestone2-rc1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jspwiki
bionic
dne
cosmic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107631
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
http://www.securityfocus.com/bid/107631
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E