Small correction: the appropriate reference URL is https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407

On Fri, Sep 20, 2019 at 3:17 PM Juan Pablo Santos Rodríguez <juanpa...@apache.org> wrote:

> Severity
> Medium
>
> Vendor
> The Apache Software Foundation
>
> Versions Affected
> Apache JSPWiki up to 2.11.0.M4
>
> Description
> A carefully crafted plugin link invocation could trigger an XSS
> vulnerability on Apache JSPWiki, related to the remember parameter on some
> of the JSPs, which could allow the attacker to execute javascript in the
> victim's browser and get some sensitive information about the victim.
>
> Mitigation
> Apache JSPWiki users should upgrade to 2.11.0.M5 or later.
>
> Credit
> This issue was discovered by ADLab of VenusTech.
>
> ref: https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404