Vulnerability Description
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Jspwiki | >= 2.9.0, <= 2.11.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/05/19/6
- http://www.securityfocus.com/bid/108437
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078Vendor Advisory
- https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c
- https://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c52
- http://www.openwall.com/lists/oss-security/2019/05/19/6
- http://www.securityfocus.com/bid/108437
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078Vendor Advisory
- https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c
- https://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c52
FAQ
What is CVE-2019-10078?
CVE-2019-10078 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlug...
How severe is CVE-2019-10078?
CVE-2019-10078 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10078?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Jspwiki.