CVE-2019-10090 Information

Description

On Apache JSPWiki up to version 2.11.0.M4 a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki related to the plain editor which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1