CVE-2019-0224 Information

Description

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute JavaScript on another user’s session. No information could be saved on the server or JSPWiki database, nor would an attacker be able to execute JS on someone else’s browser; only on its own browser.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/107631
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@3Ccommits.jspwiki.apache.org3E
https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@3Cdev.jspwiki.apache.org3E
https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@3Ccommits.jspwiki.apache.org3E

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
