You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Juan Pablo Santos RodrÃguez <ju...@apache.org> on 2019/01/30 20:00:32 UTC
[CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on
Apache JSPWiki
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.10.5
Description:
A carefully crafted URL could trigger an XSS vulnerability on Apache
JSPWiki, which could lead to session hijacking.
Mitigation:
Apache JSPWiki users should upgrade to 2.11.0.M1 or later.
Credit:
This issue was discovered by Jamie Parfet.