CVE-2019-0224
Published Mar 28, 2019
Last updated a year ago
Overview
- Description
- In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
- Source
- security@apache.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CB0BA31-EE4B-417A-A794-CE825A4DCEE6",
"versionEndIncluding": "2.10.5",
"versionStartIncluding": "2.9.0"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D391ED8-C176-4C60-BC0D-D92E6DF7CA57"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B85C9FA6-A699-48DE-A2DA-52363B21C319"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66D0D950-02DD-4D47-ADA6-F030E3A38584"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone1-rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA52AF2B-E714-4769-A9D4-DB46C1ACFFA5"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F88F497A-C3A3-4363-BBFA-249C465DD6CD"
},
{
"criteria": "cpe:2.3:a:apache:jspwiki:2.11.0:milestone2-rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A2FEDF8-A4F7-42B6-BC4C-60CC1F08845A"
}
],
"operator": "OR"
}
]
}
]