Multiple Plugins in Apache JSPWiki 2.9.0 to 2.11.0.M3 Vulnerable to XSS Exploitation and Session Hijacking

CVE-2019-10078 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
