Vulnerability Description
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Jspwiki | >= 2.9.0, <= 2.10.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107631Third Party AdvisoryVDB Entry
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224Vendor Advisory
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c52
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672a
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e
- http://www.securityfocus.com/bid/107631Third Party AdvisoryVDB Entry
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224Vendor Advisory
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c52
- https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672a
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e
FAQ
What is CVE-2019-0224?
CVE-2019-0224 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker...
How severe is CVE-2019-0224?
CVE-2019-0224 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0224?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Jspwiki.