CVE-2019-0224
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
6.1
MEDIUM
CVSS 3.1
EPSS 2.4%
Description
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
How to fix CVE-2019-0224
To remediate CVE-2019-0224, upgrade the affected package to a fixed version below.
- —upgrade to 2.11.0.M3 or later
Is CVE-2019-0224 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 2.9.0, < 2.11.0.M3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |