Lucene search
PRIOn knowledge basePRION:CVE-2019-0224HistoryMar 28, 2019 - 9:29 p.m.
Input validation
2019-03-2821:29:00
PRIOn knowledge base
www.prio-n.com
5
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user’s session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else’s browser; only on its own browser.
References
www.securityfocus.com/bid/107631
jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
Related
cve
cve
CVE-2019-0224
2019-03-28 21:29:00
veracode
veracode
Cross-site Scripting (XSS)
2019-03-29 02:48:02
cvelist
cvelist
CVE-2019-0224
2019-03-28 21:00:53
nvd
nvd
CVE-2019-0224
2019-03-28 21:29:00
osv
osv
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
2019-04-02 15:46:48
CVE-2019-0224
2019-03-28 21:29:00
github
github
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
2019-04-02 15:46:48
ubuntucve
ubuntucve
CVE-2019-0224
2019-03-28 00:00:00
openvas
openvas
Apache JSPWiki < 2.11.0.M3 Multiple Vulnerabilities
2022-01-12 00:00:00