Jspwiki: >> Jspwiki >> 2.5.139 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
CVSS Score
4.3
EPSS Score
0.071
Published
2008-03-10
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
CVSS Score
9.3
EPSS Score
0.077
Published
2008-03-10
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.
CVSS Score
9.3
EPSS Score
0.049
Published
2008-03-10