CVE-2019-10076
- EPSS 3.22%
- Published 20.05.2019 21:29:00
- Last modified 21.11.2024 04:18:20
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVE-2019-0225
- EPSS 3.59%
- Published 28.03.2019 22:29:00
- Last modified 21.11.2024 04:16:32
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
CVE-2019-0224
- EPSS 2.55%
- Published 28.03.2019 21:29:00
- Last modified 21.11.2024 04:16:31
In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; ...
CVE-2018-20242
- EPSS 1.4%
- Published 11.02.2019 21:29:00
- Last modified 21.11.2024 04:01:09
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.