CVE-2018-20242

MEDIUM

Apache JSPWiki < 2.10.5 - Cross-Site Scripting via Crafted URL

Title source: llm

A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

Mailing List mailing-list x_refsource_mlist

Mailing List mailing-list x_refsource_mlist

Mailing List mailing-list x_refsource_mlist

CVSS v3 6.1

EPSS 0.0132

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (2)

apache/jspwiki < 2.10.5

org.apache.jspwiki/jspwiki-war 0 - 2.11.0.M1Maven

Published Feb 11, 2019

Tracked Since Feb 18, 2026