Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

Bugtraq ID:	106804
Class:	Input Validation Error
CVE:	CVE-2018-20242
Remote:	Yes
Local:	No
Published:	Jan 30 2019 12:00AM
Updated:	Jan 30 2019 12:00AM
Credit:	Jamie Parfet
Vulnerable:	JSPWiki JSPWiki 2.5.139 Beta JSPWiki JSPWiki 2.5.139 JSPWiki JSPWiki 2.4.104 JSPWiki JSPWiki 2.4.103 JSPWiki JSPWiki 2.1.123 JSPWiki JSPWiki 2.1.122 JSPWiki JSPWiki 2.1.121 JSPWiki JSPWiki 2.1.120 JSPWiki JSPWiki 2.5.139-Beta JSPWiki JSPWiki 2.4 Apache JSPWiki 2.10.4 Apache JSPWiki 2.10.3
Not Vulnerable:	Apache JSPWiki 2.11.0.M1

Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

Apache JSPWiki is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Apache JSPWiki 2.10.5 and prior are vulnerable.

Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache JSPWiki CVE-2018-20242 Cross Site Scripting Vulnerability

References:

• Apache Homepage (Apache)
  
• [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSP (Seclists.org)
  
• [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSP (Apache)
  
• Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki (Apache)