org.apache.jspwiki:jspwiki-war
Maven
11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.jspwiki:jspwiki-war
- CVE-2018-20242 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M1 | 2019-02-11
vulnerable: 2.10.0 ... 2.10.5 (6 versions)
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
- CVE-2019-0225 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.11.0.M3 | 2019-03-28
vulnerable: 2.10.0 ... 2.11.0.M2 (8 versions)
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
- CVE-2019-10076 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M4 | 2019-05-20
vulnerable: 2.10.0 ... 2.11.0.M3 (9 versions)
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
- CVE-2019-10077 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M4 | 2019-05-20
vulnerable: 2.10.0 ... 2.11.0.M3 (9 versions)
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
- CVE-2019-10078 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M4 | 2019-05-20
vulnerable: 2.10.0 ... 2.11.0.M3 (9 versions)
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that mu…
- CVE-2019-10087 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M5 | 2019-09-23
vulnerable: 2.10.0 ... 2.11.0.M4 (10 versions)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the …
- CVE-2019-10089 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M5 | 2019-09-23
vulnerable: 2.10.0 ... 2.11.0.M4 (10 versions)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim'…
- CVE-2019-10090 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M5 | 2019-09-23
vulnerable: 2.10.0 ... 2.11.0.M4 (10 versions)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's …
- CVE-2019-12404 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M5 | 2019-09-23
vulnerable: 2.10.0 ... 2.11.0.M4 (10 versions)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's b…
- CVE-2019-12407 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.0.M5 | 2019-09-23
vulnerable: 2.10.0 ... 2.11.0.M4 (10 versions)
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute j…
- CVE-2022-46907 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.12.0 | 2023-05-25
vulnerable: 2.10.0 ... 2.11.3 (18 versions)
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. …