CVE-2019-10078
Description
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
3.225
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-10078,CVE-2019-10077,CVE-2019-10076 are fixed in Apache-jspwiki-main 2.11.0 | Windows |
| Vulnerabilities CVE-2019-10078,CVE-2019-10077,CVE-2019-10076 are fixed in Apache - jspwiki-war 2.11.0 | Windows |
| Vulnerabilities CVE-2019-10078,CVE-2019-10077,CVE-2019-10076 are fixed in Apache-jspwiki-main for Linux 2.11.0 | Linux |
| Vulnerabilities CVE-2019-10078,CVE-2019-10077,CVE-2019-10076 are fixed in Apache - jspwiki-war for Linux 2.11.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234