CVE-2019-12407: XSS
First published: Mon Sep 23 2019(Updated: )
In Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.jspwiki:jspwiki-main | <2.11.0.M5 | 2.11.0.M5 |
| maven/org.apache.jspwiki:jspwiki-war | <2.11.0.M5 | 2.11.0.M5 |
| Apache JSPWiki | <=2.10.5 | |
| Apache JSPWiki | =2.11.0-m1 | |
| Apache JSPWiki | =2.11.0-m1-rc1 | |
| Apache JSPWiki | =2.11.0-m1-rc2 | |
| Apache JSPWiki | =2.11.0-m1-rc3 | |
| Apache JSPWiki | =2.11.0-m2 | |
| Apache JSPWiki | =2.11.0-m2-rc1 | |
| Apache JSPWiki | =2.11.0-m3 | |
| Apache JSPWiki | =2.11.0-m3-rc1 | |
| Apache JSPWiki | =2.11.0-m3-rc2 | |
| Apache JSPWiki | =2.11.0-m4 | |
| Apache JSPWiki | =2.11.0-m4-rc1 | |
| Apache JSPWiki | =2.11.0-m4-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache JSPWiki vulnerability?
The vulnerability ID for this Apache JSPWiki vulnerability is CVE-2019-12407.
What is the severity of CVE-2019-12407?
The severity of CVE-2019-12407 is medium with a CVSS score of 6.1.
How can an attacker exploit the CVE-2019-12407 vulnerability?
An attacker can exploit the CVE-2019-12407 vulnerability by crafting a plugin link invocation that triggers an XSS vulnerability on Apache JSPWiki.
Which versions of Apache JSPWiki are affected by CVE-2019-12407?
Apache JSPWiki up to version 2.11.0.M4 is affected by the CVE-2019-12407 vulnerability.
How can I fix the CVE-2019-12407 vulnerability?
To fix the CVE-2019-12407 vulnerability, update Apache JSPWiki to version 2.11.0.M5 or later.
- collector/github-advisory-latest
- alias/GHSA-p2r4-rpj8-m2p9
- alias/CVE-2019-12407
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/type
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- package-manager/maven
- vendor/apache
- canonical/apache jspwiki
- version/apache jspwiki/2.10.5
- version/apache jspwiki/2.11.0-m1
- version/apache jspwiki/2.11.0-m1-rc1
- version/apache jspwiki/2.11.0-m1-rc2
- version/apache jspwiki/2.11.0-m1-rc3
- version/apache jspwiki/2.11.0-m2
- version/apache jspwiki/2.11.0-m2-rc1
- version/apache jspwiki/2.11.0-m3
- version/apache jspwiki/2.11.0-m3-rc1
- version/apache jspwiki/2.11.0-m3-rc2
- version/apache jspwiki/2.11.0-m4
- version/apache jspwiki/2.11.0-m4-rc1
- version/apache jspwiki/2.11.0-m4-rc2