[
https://issues.apache.org/jira/browse/JSPWIKI-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Juan Pablo Santos RodrÃguez closed JSPWIKI-1093.
------------------------------------------------
> Reflected XSS in JSPWiki v2.11.0-M1
> -----------------------------------
>
> Key: JSPWIKI-1093
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1093
> Project: JSPWiki
> Issue Type: Bug
> Components: Templates and UI
> Affects Versions: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
> Reporter: brushed
> Assignee: brushed
> Priority: Critical
> Fix For: 2.11.0-M3
>
>
> ---------- Forwarded message ---------
> From: Muthukumar Marikani
> <[muthukumar.marik...@zohocorp.com|mailto:muthukumar.marik...@zohocorp.com]>
> Date: Fri, Mar 15, 2019 at 1:14 PM
> Subject: Reflected XSS in JSPWiki v2.11.0-M1
> To: security <[secur...@apache.org|mailto:secur...@apache.org]>
> Hi,
> I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1
> [snip]
> An attacker can execute javascript in victim's browser by sending crafted url
> to victim
> Recommended fix :
> Encode the values which are from user end
> Product : JSPWiki
> Version : v2.11.0-M1
> Verified in : firefox 65.0.1 , MacOS 10.12.6
> Severity : Medium
> Regards,
> Muthukumar Marikani (unknown_person)
> ZOHO-CRM Security Team
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
