CVE-2019-10087

MEDIUM

Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation

Title source: llm

Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087

Scores

CVSS v3 6.1

EPSS 0.0442

EPSS Percentile 89.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

apache/jspwiki 2.11.0 m1 (12 CPE variants)

apache/jspwiki < 2.10.5

org.apache.jspwiki/jspwiki-war 2.9.0 - 2.11.0.M5Maven

Published Sep 23, 2019

Tracked Since Feb 18, 2026