oss-sec mailing list archives
Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
From: Juan Pablo Santos Rodríguez <juanpablo.santos () gmail com>
Date: Thu, 31 Jan 2019 21:32:26 +0100
Hi Henri,

the vulnerability announcement can be seen here
https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E

We've also documented it at
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2018-20242

Please do let me know if something else is needed.

best regards,
juan pablo

On Thu, Jan 31, 2019 at 9:39 AM Henri Salo <henri () nerv fi> wrote:

> On Wed, Jan 30, 2019 at 09:01:43PM +0100, Juan Pablo Santos Rodríguez wrote:
>> Versions Affected: Apache JSPWiki up to 2.10.5
>>
>> Description: A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
>>
>> Mitigation: Apache JSPWiki users should upgrade to 2.11.0.M1 or later.
>>
>> Credit: This issue was discovered by Jamie Parfet.
>
> Do you have any Apache reference URLs for this issue?
>
> --
> Henri Salo