Lucene search
GoogleOSV:CVE-2019-12407HistorySep 23, 2019 - 4:15 p.m.
CVE-2019-12407
2019-09-2316:15:14
Google
osv.dev
2
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jspwiki | eq | 2.10.4-RC1 | |
| jspwiki | eq | 2.10.5-RC1 | |
| jspwiki | eq | 2.10.5-RC2 | |
| jspwiki | eq | 2.10.4-RC3 | |
| jspwiki | eq | 2.10.3-RC2 | |
| jspwiki | eq | 2.10.5 | |
| jspwiki | eq | 2.10.4-RC2 | |
| jspwiki | eq | 2.10.4 | |
| jspwiki | eq | 2.10.3-RC1 | |
| jspwiki | eq | 2.10.3 |
Related
cvelist
cvelist
CVE-2019-12407
2019-09-23 15:40:59
github
github
Cross-site Scripting in Apache JSPWiki
2022-05-24 16:56:40
osv
osv
Cross-site Scripting in Apache JSPWiki
2022-05-24 16:56:40
cve
cve
CVE-2019-12407
2019-09-23 16:15:14
ubuntucve
ubuntucve
CVE-2019-12407
2019-09-23 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-09-23 07:25:39
prion
prion
Information disclosure
2019-09-23 16:15:00
nvd
nvd
CVE-2019-12407
2019-09-23 16:15:14
openvas
openvas
Apache JSPWiki < 2.11.0.M5 Multiple Vulnerabilities
2022-01-12 00:00:00