CVE-2019-10076

MEDIUM

Apache JSPWiki <2.11.0.M3 - XSS

Title source: llm

Description

A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

Exploits (2)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/apache__jspwiki_CVE-2019-10076_2-11-0-M3

References (4)

Scores

CVSS v3 6.1
EPSS 0.0305
EPSS Percentile 86.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (4)
apache/jspwiki 2.11.0 m1 (6 CPE variants)
apache/jspwiki 2.9.0 - 2.11.0
org.apache.jspwiki/jspwiki-main 2.9.0 - 2.11.0.M4Maven
org.apache.jspwiki/jspwiki-war 2.9.0 - 2.11.0.M4Maven
Published May 20, 2019
Tracked Since Feb 18, 2026