CVE-2019-10089
MEDIUM
Apache JSPWiki <2.11.0.M4 - XSS
Title source: llm
Description
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
Exploits (2)
nomisec
by shoucheng3 · poc
https://github.com/shoucheng3/apache__jspwiki_CVE-2019-10089_2_11_0_M5_fixed
nomisec
WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/apache__jspwiki_CVE-2019-10089_2-11-0-M4
Scores
CVSS v3
6.1
EPSS
0.0437
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
apache/jspwiki
2.11.0 m1 (12 CPE variants)
apache/jspwiki
< 2.10.5
org.apache.jspwiki/jspwiki-war
2.9.0 - 2.11.0.M5
Maven
Published
Sep 23, 2019
Tracked Since
Feb 18, 2026