CVE-2019-10078
CVE-2019-10078
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 4.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
20 may 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
Productos afectados
Apache Software Foundation · Apache JSPWiki¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078https://lists.apache.org/thread.html/24f324ef11e43ba89ec9aac3725a5ecd4289835639c476299e7660d9%40%3Cdev.jspwiki.apache.org%3Ehttps://lists.apache.org/thread.html/959811b776e1a332a1a4295405b683fd64190d079a7c3028f1c314d7%40%3Cdev.jspwiki.apache.org%3Ehttps://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2019/05/19/6http://www.securityfocus.com/bid/108437