- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
- Fix Version/s: 2.11.0-M3
- Component/s: Templates and UI
- Labels: None
---------- Forwarded message ---------
From: Muthukumar Marikani <muthukumar.marikani@zohocorp.com>
Date: Fri, Mar 15, 2019 at 1:14 PM
Subject: Reflected XSS in JSPWiki v2.11.0-M1
To: security <security@apache.org>
Hi,
I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1
[snip]
An attacker can execute JavaScript in the victim's browser by sending a crafted URL to the victim
Recommended fix:
Encode the values which come from the user end
Product: JSPWiki
Version: v2.11.0-M1
Verified in: Firefox 65.0.1, macOS 10.12.6
Severity: Medium
Regards,
Muthukumar Marikani (unknown_person)
ZOHO-CRM Security Team