Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- 2.10.3, 2.10.4, 2.10.5, 2.11.0-M1, 2.11.0-M2
- None
Description
---------- Forwarded message ---------
From: Muthukumar Marikani <muthukumar.marikani@zohocorp.com>
Date: Fri, Mar 15, 2019 at 1:14 PM
Subject: Reflected XSS in JSPWiki v2.11.0-M1
To: security <security@apache.org>
Hi,
I have found a reflected XSS vulnerability in JSPWiki v2.11.0-M1.
[snip]
An attacker can execute JavaScript in the victim's browser by sending a crafted URL to the victim.
Recommended fix:
Encode the values which are from the user end.
Product: JSPWiki
Version: v2.11.0-M1
Verified in: Firefox 65.0.1, macOS 10.12.6
Severity: Medium
Regards,
Muthukumar Marikani (unknown_person)
ZOHO-CRM Security Team