Maven package
org.apache.jspwiki/jspwiki-war
pkg:maven/org.apache.jspwiki/jspwiki-war
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-46907 | — | < 2.12.0 | 2.12.0 | May 25, 2023 | A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2 | ||
| CVE-2019-12407 | — | < 2.11.0.M5 | 2.11.0.M5 | Sep 23, 2019 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get | ||
| CVE-2019-10090 | — | >= 2.9.0, < 2.11.0.M5 | 2.11.0.M5 | Sep 23, 2019 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive informatio | ||
| CVE-2019-12404 | — | >= 2.9.0, < 2.11.0.M5 | 2.11.0.M5 | Sep 23, 2019 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information | ||
| CVE-2019-10089 | — | >= 2.9.0, < 2.11.0.M5 | 2.11.0.M5 | Sep 23, 2019 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive informat | ||
| CVE-2019-10087 | — | >= 2.9.0, < 2.11.0.M5 | 2.11.0.M5 | Sep 23, 2019 | On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive i | ||
| CVE-2019-10078 | — | >= 2.9.0, < 2.11.0.M4 | 2.11.0.M4 | May 20, 2019 | A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable. | ||
| CVE-2019-10077 | — | >= 2.9.0, < 2.11.0.M4 | 2.11.0.M4 | May 20, 2019 | A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | ||
| CVE-2019-10076 | — | >= 2.9.0, < 2.11.0.M4 | 2.11.0.M4 | May 20, 2019 | A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. | ||
| CVE-2019-0225 | — | >= 2.9.0, < 2.11.0.M3 | 2.11.0.M3 | Mar 28, 2019 | A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details. | ||
| CVE-2018-20242 | — | < 2.11.0.M1 | 2.11.0.M1 | Feb 11, 2019 | A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking. |
- CVE-2022-46907May 25, 2023affected < 2.12.0fixed 2.12.0
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2
- CVE-2019-12407Sep 23, 2019affected < 2.11.0.M5fixed 2.11.0.M5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get
- CVE-2019-10090Sep 23, 2019affected >= 2.9.0, < 2.11.0.M5fixed 2.11.0.M5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive informatio
- CVE-2019-12404Sep 23, 2019affected >= 2.9.0, < 2.11.0.M5fixed 2.11.0.M5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information
- CVE-2019-10089Sep 23, 2019affected >= 2.9.0, < 2.11.0.M5fixed 2.11.0.M5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive informat
- CVE-2019-10087Sep 23, 2019affected >= 2.9.0, < 2.11.0.M5fixed 2.11.0.M5
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive i
- CVE-2019-10078May 20, 2019affected >= 2.9.0, < 2.11.0.M4fixed 2.11.0.M4
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
- CVE-2019-10077May 20, 2019affected >= 2.9.0, < 2.11.0.M4fixed 2.11.0.M4
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
- CVE-2019-10076May 20, 2019affected >= 2.9.0, < 2.11.0.M4fixed 2.11.0.M4
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
- CVE-2019-0225Mar 28, 2019affected >= 2.9.0, < 2.11.0.M3fixed 2.11.0.M3
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
- CVE-2018-20242Feb 11, 2019affected < 2.11.0.M1fixed 2.11.0.M1
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.