[
https://issues.apache.org/jira/browse/JSPWIKI-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Juan Pablo Santos Rodríguez updated JSPWIKI-1093:
-------------------------------------------------
Security: (was: Security Vulnerability Disclosure)
removed security level as the issue has now been made public.
> Reflected XSS in JSPWiki v2.11.0-M1
> -----------------------------------
>
> Key: JSPWIKI-1093
> URL: https://issues.apache.org/jira/browse/JSPWIKI-1093
> Project: JSPWiki
> Issue Type: Bug
> Components: Templates and UI
> Affects Versions: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
> Reporter: brushed
> Assignee: brushed
> Priority: Critical
> Fix For: 2.11.0-M3
>
>
> ---------- Forwarded message ---------
> From: Muthukumar Marikani
> <[[email protected]|mailto:[email protected]]>
> Date: Fri, Mar 15, 2019 at 1:14 PM
> Subject: Reflected XSS in JSPWiki v2.11.0-M1
> To: security <[[email protected]|mailto:[email protected]]>
> Hi,
> I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1
> [snip]
> An attacker can execute JavaScript in the victim's browser by sending a crafted URL
> to the victim
> Recommended fix:
> Encode the values which are from the user end
> Product: JSPWiki
> Version: v2.11.0-M1
> Verified in: Firefox 65.0.1, MacOS 10.12.6
> Severity: Medium
> Regards,
> Muthukumar Marikani (unknown_person)
> ZOHO-CRM Security Team
>