[CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute java

[CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript

[CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in

[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacke

[CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in

Re: [CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter

2019-09-20 Thread Juan Pablo Santos Rodríguez
small correction: the appropiate reference url is https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407 On Fri, Sep 20, 2019 at 3:17 PM Juan Pablo Santos Rodríguez < juanpa...@apache.org> wrote: > Severity > Medium > > Vendor > The Apache Software Foundation > > Versions Affected > Apache

[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter

2019-09-20 Thread Juan Pablo Santos Rodríguez
Severity Medium Vendor The Apache Software Foundation Versions Affected Apache JSPWiki up to 2.11.0.M4 Description A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attack