CVE-2019-0224

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc1:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc3:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:jspwiki:2.11.0:milestone2-rc1:*:*:*:*:*:*

History

21 Nov 2024, 04:16

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/107631 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/107631 - Third Party Advisory, VDB Entry
References () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224 - Vendor Advisory () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224 - Vendor Advisory
References () https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E - () https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E -
References () https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E - () https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E -
References () https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E - () https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E -

07 Nov 2023, 03:01

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E', 'name': '[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E', 'name': '[jspwiki-dev] 20190326 [CVE-2019-0224] Apache JSPWiki Cross-site scripting vulnerability', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E', 'name': '[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E -
  • () https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67%40%3Cdev.jspwiki.apache.org%3E -
  • () https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E -

Information

Published : 2019-03-28 21:29

Updated : 2024-11-21 04:16


NVD link : CVE-2019-0224

Mitre link : CVE-2019-0224

CVE.ORG link : CVE-2019-0224


JSON object : View

Products Affected

apache

  • jspwiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')