[ https://issues.apache.org/jira/browse/JSPWIKI-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Pablo Santos Rodríguez closed JSPWIKI-1093.
------------------------------------------------

> Reflected XSS in JSPWiki v2.11.0-M1
> -----------------------------------
>
> Key: JSPWIKI-1093
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1093
> Project: JSPWiki
> Issue Type: Bug
> Components: Templates and UI
> Affects Versions: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
> Reporter: brushed
> Assignee: brushed
> Priority: Critical
> Fix For: 2.11.0-M3
>
>
> ---------- Forwarded message ---------
> From: Muthukumar Marikani <[muthukumar.marik...@zohocorp.com|mailto:muthukumar.marik...@zohocorp.com]>
> Date: Fri, Mar 15, 2019 at 1:14 PM
> Subject: Reflected XSS in JSPWiki v2.11.0-M1
> To: security <[secur...@apache.org|mailto:secur...@apache.org]>
>
> Hi,
> I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1
> [snip]
> An attacker can execute javascript in victim's browser by sending crafted url to victim
>
> Recommended fix :
> Encode the values which are from user end
>
> Product : JSPWiki
> Version : v2.11.0-M1
> Verified in : firefox 65.0.1 , MacOS 10.12.6
> Severity : Medium
>
> Regards,
> Muthukumar Marikani (unknown_person)
> ZOHO-CRM Security Team

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)