QwikSec

Security Database

CVE

CWE

Training

CVE-2019-0224

Published: Mar 28, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.

Vendor	Product	Versions
Apache	Apache JSPWiki	affected `Apache JSPWiki 2.9.0 to 2.11.0.M2`

References

[jspwiki-dev] 20190326 [CVE-2019-0224] Apache JSPWiki Cross-site scripting vulnerability

mailing-list

x_refsource_MLIST

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures

mailing-list

x_refsource_MLIST

[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.