Vulnerability Details CVE-2019-0224
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/107631
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/107631
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
Products affected by CVE-2019-0224
-
cpe:2.3:a:apache:jspwiki:2.10.0
-
cpe:2.3:a:apache:jspwiki:2.10.1
-
cpe:2.3:a:apache:jspwiki:2.10.2
-
cpe:2.3:a:apache:jspwiki:2.10.3
-
cpe:2.3:a:apache:jspwiki:2.10.4
-
cpe:2.3:a:apache:jspwiki:2.10.5
-
cpe:2.3:a:apache:jspwiki:2.11.0
-
cpe:2.3:a:apache:jspwiki:2.9.0
-
cpe:2.3:a:apache:jspwiki:2.9.1