CVE-2019-10078
Cross-site Scripting in JSPWiki
6.1 MEDIUM (CVSS 3.1), EPSS 3.0%
Description
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
How to fix CVE-2019-10078
To remediate CVE-2019-10078, upgrade the affected package to a fixed version below.
- —upgrade to 2.11.0.M4 or later
- —upgrade to 2.11.0.M4 or later
Is CVE-2019-10078 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.9.0, < 2.11.0.M4
- >= 2.9.0, < 2.11.0.M4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |