In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-03-28T21:00:53
Updated: 2019-05-19T17:06:00
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0224
JSON object: View
NVD Information
Status : Modified
Published: 2019-03-28T21:29:00.243
Modified: 2023-11-07T03:01:52.523
Link: CVE-2019-0224
JSON object: View
Redhat Information
No data.
CWE