A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-05-20T20:50:54
Updated: 2019-05-23T15:06:05
Reserved: 2019-03-26T00:00:00
Link: CVE-2019-10078
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-20T21:29:00.877
Modified: 2023-11-07T03:02:22.050
Link: CVE-2019-10078
JSON object: View
Redhat Information
No data.
CWE