CVE-2019-10077

Published: May 20, 2019
Updated: Nov 8, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-10077" target="_blank" rel="noopener"> CVE-2019-10077
GHSA: <a href="https://github.com/advisories/GHSA-cj6j-32rg-45r2" target="_blank" rel="noopener"> GHSA-cj6j-32rg-45r2
Severity: Medium
Exploit:

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
apache / jspwiki	2.9.0	2.11.0.x
apache / jspwiki	2.11.0-m1-rc2	2.11.0-m1-rc2.x
apache / jspwiki	2.11.0-m1.rc3	2.11.0-m1.rc3.x
apache / jspwiki	2.11.0-m1	2.11.0-m1.x
apache / jspwiki	2.11.0-m2-rc1	2.11.0-m2-rc1.x
apache / jspwiki	2.11.0-m2	2.11.0-m2.x
apache / jspwiki	2.11.0-m1-rc1	2.11.0-m1-rc1.x
org.apache.jspwiki / jspwiki-war	2.9.0	2.11.0.M4
org.apache.jspwiki / jspwiki-main	2.9.0	2.11.0.M4