Apache

Jspwiki

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-24947

  • EPSS 2.13%
  • Published 25.02.2022 09:15:07
  • Last modified 21.11.2024 06:51:26

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

9.1

CVE-2021-44140

  • EPSS 6.73%
  • Published 24.11.2021 12:15:07
  • Last modified 21.11.2024 06:30:25

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JS...

6.1

CVE-2021-40369

  • EPSS 14.81%
  • Published 24.11.2021 12:15:07
  • Last modified 21.11.2024 06:23:58

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the...

6.1

CVE-2019-12407

  • EPSS 5.21%
  • Published 23.09.2019 16:15:14
  • Last modified 21.11.2024 04:22:46

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript i...

6.1

CVE-2019-10090

  • EPSS 5.16%
  • Published 23.09.2019 16:15:14
  • Last modified 21.11.2024 04:18:23

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and...

6.1

CVE-2019-12404

  • EPSS 5.21%
  • Published 23.09.2019 15:15:10
  • Last modified 21.11.2024 04:22:46

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and ...

6.1

CVE-2019-10089

  • EPSS 5.16%
  • Published 23.09.2019 15:15:10
  • Last modified 21.11.2024 04:18:22

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser a...

6.1

CVE-2019-10087

  • EPSS 5.21%
  • Published 23.09.2019 15:15:10
  • Last modified 21.11.2024 04:18:22

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's br...

6.1

CVE-2019-10078

  • EPSS 3.23%
  • Published 20.05.2019 21:29:00
  • Last modified 21.11.2024 04:18:21

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plug...

6.1

CVE-2019-10077

  • EPSS 3.19%
  • Published 20.05.2019 21:29:00
  • Last modified 21.11.2024 04:18:21

A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.