Severity: moderate
Description:
A carefully crafted request on several JSPWiki plugins could trigger
an XSS vulnerability on Apache JSPWiki, which could allow the attacker
to execute javascript in the victim's browser and get some sensitive
information about the victim.
Mitigation:
Apache
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.12.0.
This is the first release on the 2.12 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
Severity: critical
Description:
A carefully crafted invocation on the Image plugin could trigger an CSRF
vulnerability on Apache JSPWiki, which could allow a group privilege escalation
of the attacker's account. Further examination of this issue established that
it could also be used to
Severity: moderate
Description:
A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability
on Apache JSPWiki, which could allow the attacker to execute javascript in the
victim's browser and get some sensitive information about the victim.
Mitigation:
Apache JSPWiki
Severity: critical
Description:
A carefully crafted request on UserPreferences.jsp could trigger an CSRF
vulnerability on Apache JSPWiki, which could allow the attacker to modify the
email associated with the attacked account, and then a reset password request
from the login page.
Severity: moderate
Description:
A carefully crafted request on AJAXPreview.jsp could trigger an XSS
vulnerability on Apache JSPWiki, which could allow the attacker to execute
javascript in the victim's browser and get some sensitive information about the
victim.
This vulnerability leverages
Severity: moderate
Description:
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS
vulnerability on Apache JSPWiki, which could allow the attacker to execute
javascript in the victim's browser and get some sensitive information about the
victim
Credit:
Issue was
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.3.
This is the fourth release on the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.2.
This is the third release on the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.1
Description
A carefully crafted user preferences for submission could trigger an
XSS vulnerability on Apache JSPWiki, related to the user preferences
screen, which could allow the attacker to
Severity
Critical
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.1
Description
Apache JSPWiki user preferences form is vulnerable to CSRF attacks,
which can lead to account takeover.
Mitigation
Apache JSPWiki users should upgrade to 2.11.2 or later.
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.1.
This is the second release on the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki 2.11.0.
This is the first release after eight milestones on the 2.11 series of
Apache JSPWiki,
a feature-rich and extensible WikiWiki engine built around the
standard JEE components.
The release is available here:
Severity
Critical
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M8
Description
Remote attackers may delete arbitrary files in a system hosting a
JSPWiki instance by using a carefuly crafted http request on logout,
given that those files are reachable to the
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M8
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the Denounce plugin, which
could allow the attacker to execute
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M8.
This is the eighth release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M7.
This is the seventh release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M6.
This is the sixth release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M4
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the remember parameter on some
of the JSPs, which could allow the
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M4
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could
allow the attacker to execute javascript in
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M4
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the plain editor, which could
allow the attacker to execute javascript
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M4
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could
allow the attacker to execute javascript
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M4
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, related to the Page Revision History,
which could allow the attacker to execute
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M5.
This is the fifth release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M3
Description
A carefully crafted plugin link invocation could trigger an XSS
vulnerability on Apache JSPWiki, which could lead to session hijacking.
Initial reporting indicated
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M3
Description
A carefully crafted InterWiki link could trigger an XSS vulnerability on
Apache JSPWiki, which could lead to session hijacking.
Mitigation
Apache JSPWiki users should upgrade to
Severity
Medium
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.0.M3
Description
A carefully crafted malicious attachment could trigger an XSS vulnerability
on Apache JSPWiki, which could lead to session hijacking.
Mitigation
Apache JSPWiki users should
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M4.
This is the fourth release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.0.M2
Description:
A carefully crafted URL could execute javascript on another user's session.
No information could be saved on the server or jspwiki database, nor would
an attacker be able to
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.11.0.M2
Description:
A specially crafted url could be used to access files under the ROOT
directory of the application on Apache JSPWiki, which could be used by an
attacker to obtain registered
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M2.
This is the second release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.11.0.M1.
This is the first release towards the 2.11 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components. M#
releases are as
production-ready as any other JSPWiki
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.10.5.
This is the fifth release on the 2.10 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.10.4.
This is the fourth release on the 2.10 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.10.2.
This is the third release on the 2.10 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.10.1.
This is the second release on the 2.10 series of Apache JSPWiki, a
feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.10.0.
This is the 2.10.0 release of Apache JSPWiki, a feature-rich and
extensible WikiWiki engine built around the standard JEE components.
The release is available here:
http://www.apache.org/dyn/closer.cgi/jspwiki/
The Apache JSPWiki team is pleased to announce the release of JSPWiki
2.9.1-incubating from the Apache Incubator.
This is the second release of Apache JSPWiki, a feature-rich and
extensible WikiWiki engine built around the standard J2EE components.
The release is available here:
38 matches
Mail list logo