CVE-2019-12404

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-12404

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12404.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-12404

Aliases

GHSA-7qmg-qg53-mrp8

Published

2019-09-23T15:15:10.483Z

Modified

2026-02-12T00:26:33.127903Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type: GIT
Repo: https://github.com/apache/jspwiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1b7f36e1ab997bcdc07f9f27f8ee8f692648411d

Affected versions

2.*

2.10.3

2.10.3-RC1

2.10.3-RC2

2.10.4

2.10.4-RC1

2.10.4-RC2

2.10.4-RC3

2.10.5

2.10.5-RC1

2.10.5-RC2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12404.json"