[ANNOUNCE] Apache JSPWiki 2.11.0.M4 released

2019-05-19 Thread Juan Pablo Santos Rodríguez
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.M4. This is the fourth release towards the 2.11 series of Apache JSPWiki, a feature-rich and extensible WikiWiki engine built around the standard JEE components. M# releases are as production-ready as any other JSPWiki re

[CVE-2019-10076] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-19 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation Apache JSPWiki users should upgrade

[CVE-2019-10077] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-19 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation Apache JSPWiki users should upgrade to 2.

[CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki

2019-05-19 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M3 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlu