www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juan Pablo Santos Rodríguez <juanpa...@apache.org>
Subject [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
Date Wed, 30 Jan 2019 20:00:32 GMT
 Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache JSPWiki up to 2.10.5

Description:
A carefully crafted URL could trigger an XSS vulnerability on Apache
JSPWiki, which could lead to session hijacking.

Mitigation:
Apache JSPWiki users should upgrade to 2.11.0.M1 or later.

Credit:
This issue was discovered by Jamie Parfet.

Mime
View raw message