oss-sec mailing list archives
Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
From: Henri Salo <henri () nerv fi>
Date: Thu, 31 Jan 2019 10:39:43 +0200
On Wed, Jan 30, 2019 at 09:01:43PM +0100, Juan Pablo Santos Rodríguez wrote:
Versions Affected: Apache JSPWiki up to 2.10.5 Description: A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking. Mitigation: Apache JSPWiki users should upgrade to 2.11.0.M1 or later. Credit: This issue was discovered by Jamie Parfet.
Do you have any Apache reference URLs for this issue? -- Henri Salo
Current thread:
- [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Juan Pablo Santos Rodríguez (Jan 31)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Henri Salo (Jan 31)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Juan Pablo Santos Rodríguez (Feb 01)
- Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki Henri Salo (Jan 31)