[ANNOUNCE] Apache JSPWiki 2.11.0.M3 released

2019-03-26 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M3. This is the third release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki rel

[CVE-2019-0224] Apache JSPWiki Cross-site scripting vulnerability

2019-03-26 Thread Juan Pablo Santos Rodríguez
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.0.M2
Description: A carefully crafted URL could execute JavaScript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to exe

[CVE-2019-0225] Apache JSPWiki Local File Inclusion (limited ROOT folder) vulnerability leads to user information disclosure

2019-03-26 Thread Juan Pablo Santos Rodríguez
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.0.M2
Description: A specially crafted URL could be used to access files under the ROOT directory of the application on Apache JSPWiki, which could be used by an attacker to obtain registered users'