[ 
https://issues.apache.org/jira/browse/JSPWIKI-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Juan Pablo Santos Rodríguez closed JSPWIKI-1093.
------------------------------------------------

> Reflected XSS in JSPWiki v2.11.0-M1
> -----------------------------------
>
>                 Key: JSPWIKI-1093
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1093
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Templates and UI
>    Affects Versions: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
>            Reporter: brushed
>            Assignee: brushed
>            Priority: Critical
>             Fix For: 2.11.0-M3
>
>
>  ---------- Forwarded message ---------
> From: Muthukumar Marikani <muthukumar.marik...@zohocorp.com>
> Date: Fri, Mar 15, 2019 at 1:14 PM
> Subject: Reflected XSS in JSPWiki v2.11.0-M1
> To: security <secur...@apache.org>
> Hi,
> I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1
> [snip]
> An attacker can execute JavaScript in a victim's browser by sending a crafted URL
> to the victim
> Recommended fix:
> Encode the values that come from the user end
> Product       :  JSPWiki
> Version       :  v2.11.0-M1
> Verified in   :  Firefox 65.0.1, macOS 10.12.6
> Severity      :  Medium
> Regards,
> Muthukumar Marikani (unknown_person)
> ZOHO-CRM Security Team
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
