oss-sec mailing list archives
[CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
From: Juan Pablo Santos Rodríguez <juanpablo () apache org>
Date: Wed, 30 Jan 2019 21:01:43 +0100
Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Apache JSPWiki up to 2.10.5 Description: A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation: Apache JSPWiki users should upgrade to 2.11.0.M1 or later. Credit: This issue was discovered by Jamie Parfet.
Current thread:
- [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Juan Pablo Santos Rodríguez (Jan 31)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Henri Salo (Jan 31)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Juan Pablo Santos Rodríguez (Feb 01)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Henri Salo (Jan 31)