CVE-2019-10077

MEDIUM

Apache JSPWiki 2.9.0-2.11.0.M3 - Cross-Site Scripting via InterWiki Link

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-10077. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains the fixed source code for Apache JSPWiki 2.11.0.M4, addressing CVE-2019-10077. It includes integration tests and documentation but does not provide an exploit PoC or detailed vulnerability analysis.

Description

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.

Exploits (2)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/apache__jspwiki_CVE-2019-10077_2_11_0_M4_fixed

View Code ZIP pw:eip

This repository contains the fixed source code for Apache JSPWiki 2.11.0.M4, addressing CVE-2019-10077. It includes integration tests and documentation but does not provide an exploit PoC or detailed vulnerability analysis.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Apache JSPWiki 2.11.0.M4

No auth needed

Prerequisites: Access to vulnerable JSPWiki instance

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec STUB

by shoucheng3 · poc

https://github.com/shoucheng3/apache__jspwiki_CVE-2019-10077_2-11-0-M3

View Code ZIP pw:eip

This repository appears to be a Coverity build summary and partial JSPWiki source code without any actual exploit code or technical analysis of CVE-2019-10077. It lacks functional PoC or detailed vulnerability research.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Apache JSPWiki 2.11.0.M3

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/05/19/5

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E

Vendor Advisory x_refsource_confirm

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/108437

Scores

CVSS v3 6.1

EPSS 0.0302

EPSS Percentile 87.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

apache/jspwiki 2.11.0 m1 (6 CPE variants)

apache/jspwiki 2.9.0 - 2.11.0

org.apache.jspwiki/jspwiki-main 2.9.0 - 2.11.0.M4Maven

org.apache.jspwiki/jspwiki-war 2.9.0 - 2.11.0.M4Maven

Published May 20, 2019

Tracked Since Feb 18, 2026