org.apache.jspwiki:jspwiki-war (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.jspwiki:jspwiki-war, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2019-0225 — CVSS 7.5 (high): A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2…
CVE-2019-10076 — CVSS 6.1 (medium): A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to…
CVE-2019-10077 — CVSS 6.1 (medium): A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session…
CVE-2019-10078 — CVSS 6.1 (medium): A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to…
CVE-2019-10087 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-10089 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-10090 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-12404 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2019-12407 — CVSS 6.1 (medium): On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache…
CVE-2018-20242 — CVSS 6.1 (medium): A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session…
CVE-2022-46907 — CVSS 6.1 (medium): A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker…