[{ALLOW edit Admin}]
[{ALLOW view All}]
!! [[CVE-2019-10077] Apache JSPWiki Cross-site scripting vulnerability on Interwiki links

__Severity__  \\
Medium

__Vendor__  \\
The Apache Software Foundation

__Versions Affected__  \\
Apache JSPWiki up to 2.11.0.M3

__Description__ \\
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.

__Mitigation__ \\
Apache JSPWiki users should upgrade to 2.11.0.M4 or later.

__Credit__ \\
This issue was discovered by Jegatheesh A, from ZOHO-CRM Security team.


----
[CVE]

[{PageViewPlugin}]