CVE-2019-12404
MEDIUMApache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Plugin Link Invocation
Title source: llmDescription
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
Scores
CVSS v3
6.1
EPSS
0.0442
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
apache/jspwiki
2.11.0 m1 (12 CPE variants)
apache/jspwiki
< 2.10.5
org.apache.jspwiki/jspwiki-war
2.9.0 - 2.11.0.M5Maven
Published
Sep 23, 2019
Tracked Since
Feb 18, 2026