Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Jspwiki  >> 1.6.12  Security Vulnerabilities
CVE-2021-44140
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
CVSS Score
9.1
EPSS Score
0.079
Published
2021-11-24
CVE-2019-10090
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-09-23
CVE-2019-12407
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-09-23
CVE-2019-10087
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-09-23
CVE-2019-10089
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-09-23
CVE-2019-12404
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-09-23
CVE-2018-20242
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
CVSS Score
6.1
EPSS Score
0.014
Published
2019-02-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved