CVE-2018-20242

A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:56

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E', 'name': '[jspwiki-commits] 20190519 [jspwiki-site] branch jbake updated: added CVE-2019-10076, CVE-2019-10077 and CVE-2019-10078 vulnerability disclosures', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E', 'name': '[user] 20190130 [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability onApache JSPWiki', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E', 'name': '[jspwiki-commits] 20190329 [jspwiki-site] branch jbake updated: add CVE-2019-0224 and CVE-2019-0225 vulnerability disclosures', 'tags': [], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4%40%3Cuser.jspwiki.apache.org%3E -
  • () https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E -
  • () https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E -

Information

Published : 2019-02-11 21:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-20242

Mitre link : CVE-2018-20242

CVE.ORG link : CVE-2018-20242


JSON object : View

Products Affected

apache

  • jspwiki
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')