[CVE-2019-10078] Apache JSPWiki Cross-site scripting vulnerability

[Juan Pablo Santos Rodríguez <juanpablo.santos () gmail com>]

[CVEID]:CVE-2019-10078
[PRODUCT]:Apache JSPWiki
[VERSION]:Apache JSPWiki 2.9.0 to 2.11.0.M3
[PROBLEMTYPE]:Cross-site scripting vulnerability
[REFERENCES]:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
[DESCRIPTION]:A carefully crafted plugin link invocation could trigger an
XSS vulnerability  on Apache JSPWiki, which could lead to session
hijacking. Initial reporting indicated ReferredPagesPlugin, but further
analysis showed that multiple plugins were vulnerable.