CVE-2019-12407

MEDIUM

Apache JSPWiki < 2.11.0.M5 - Cross-Site Scripting via Remember Parameter


Description

In Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability related to the remember parameter on some of the JSPs, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim.

Scores

CVSS v3 6.1
EPSS 0.0442
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (4)
apache/jspwiki 2.11.0 m1 (12 CPE variants)
apache/jspwiki < 2.10.5
org.apache.jspwiki/jspwiki-main 0 - 2.11.0.M5 (Maven)
org.apache.jspwiki/jspwiki-war 0 - 2.11.0.M5 (Maven)
Published Sep 23, 2019
Tracked Since Feb 18, 2026