Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M2
Typemaven
Namespaceorg.apache.jspwiki
Namejspwiki-main
Version2.11.0.M2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.11.0.M5
Latest_non_vulnerable_version2.12.3
Affected_by_vulnerabilities
0
url VCID-7ckf-bdvx-qkh9
vulnerability_id VCID-7ckf-bdvx-qkh9
summary 
Cross-site Scripting
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki which could lead to session hijacking. Initial reporting indicated `ReferredPagesPlugin`, but further analysis showed that multiple plugins were vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10078
reference_id
reference_type
scores
0
value 0.0305
scoring_system epss
scoring_elements 0.86942
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10078
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
reference_id CVE-2019-10078
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10078
3
reference_url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
reference_id GHSA-hp5r-mhgp-56c9
reference_type
scores
url https://github.com/advisories/GHSA-hp5r-mhgp-56c9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hu3x-x6ze-8ya7
1
vulnerability VCID-ng2g-et6p-nfgh
2
vulnerability VCID-u3f1-j3gz-m7cf
3
vulnerability VCID-y2nn-5x4r-pygx
4
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
aliases CVE-2019-10078, GHSA-hp5r-mhgp-56c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ckf-bdvx-qkh9
1
url VCID-hu3x-x6ze-8ya7
vulnerability_id VCID-hu3x-x6ze-8ya7
summary Carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10090
reference_id
reference_type
scores
0
value 0.04374
scoring_system epss
scoring_elements 0.89154
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10090
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10090
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10090
reference_id CVE-2019-10090
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10090
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
aliases CVE-2019-10090, GHSA-g6ww-2x43-h963
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hu3x-x6ze-8ya7
2
url VCID-ng2g-et6p-nfgh
vulnerability_id VCID-ng2g-et6p-nfgh
summary Carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to `InfoContent.jsp`, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12404
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12404
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12404
reference_id CVE-2019-12404
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12404
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
aliases CVE-2019-12404, GHSA-7qmg-qg53-mrp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ng2g-et6p-nfgh
3
url VCID-r8n2-f2bj-fud3
vulnerability_id VCID-r8n2-f2bj-fud3
summary 
Cross-site Scripting
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10076
reference_id
reference_type
scores
0
value 0.03049
scoring_system epss
scoring_elements 0.8694
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10076
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076
2
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
3
reference_url http://www.openwall.com/lists/oss-security/2019/05/19/4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/05/19/4
4
reference_url http://www.securityfocus.com/bid/108437
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108437
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
reference_id CVE-2019-10076
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10076
6
reference_url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
reference_id GHSA-cxx2-fp39-rf3r
reference_type
scores
url https://github.com/advisories/GHSA-cxx2-fp39-rf3r
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hu3x-x6ze-8ya7
1
vulnerability VCID-ng2g-et6p-nfgh
2
vulnerability VCID-u3f1-j3gz-m7cf
3
vulnerability VCID-y2nn-5x4r-pygx
4
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
aliases CVE-2019-10076, GHSA-cxx2-fp39-rf3r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r8n2-f2bj-fud3
4
url VCID-s4g3-2p5v-v3dn
vulnerability_id VCID-s4g3-2p5v-v3dn
summary 
Cross-site Scripting
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10077
reference_id
reference_type
scores
0
value 0.03016
scoring_system epss
scoring_elements 0.86858
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10077
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
reference_id CVE-2019-10077
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10077
3
reference_url https://github.com/advisories/GHSA-cj6j-32rg-45r2
reference_id GHSA-cj6j-32rg-45r2
reference_type
scores
url https://github.com/advisories/GHSA-cj6j-32rg-45r2
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hu3x-x6ze-8ya7
1
vulnerability VCID-ng2g-et6p-nfgh
2
vulnerability VCID-u3f1-j3gz-m7cf
3
vulnerability VCID-y2nn-5x4r-pygx
4
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4
aliases CVE-2019-10077, GHSA-cj6j-32rg-45r2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4g3-2p5v-v3dn
5
url VCID-u3f1-j3gz-m7cf
vulnerability_id VCID-u3f1-j3gz-m7cf
summary 
Cross-site Scripting
On Apache JSPWiki, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10087
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10087
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10087
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10087
reference_id CVE-2019-10087
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10087
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
aliases CVE-2019-10087, GHSA-gwfq-qwmp-x9xg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3f1-j3gz-m7cf
6
url VCID-v4jt-qkhw-pqbg
vulnerability_id VCID-v4jt-qkhw-pqbg
summary 
Cross-site Scripting
In Apache JSPWiki, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-0224
reference_id
reference_type
scores
0
value 0.02408
scoring_system epss
scoring_elements 0.8537
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-0224
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-0224
2
reference_url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b4b4992a93d899050c1117a07c3c7fc9a175ec0672ab97065228de67@%3Cdev.jspwiki.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1@%3Ccommits.jspwiki.apache.org%3E
5
reference_url http://www.securityfocus.com/bid/107631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107631
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
reference_id CVE-2019-0224
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-0224
7
reference_url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
reference_id GHSA-fmpq-w5q6-9vf9
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fmpq-w5q6-9vf9
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7ckf-bdvx-qkh9
1
vulnerability VCID-hu3x-x6ze-8ya7
2
vulnerability VCID-ng2g-et6p-nfgh
3
vulnerability VCID-r8n2-f2bj-fud3
4
vulnerability VCID-s4g3-2p5v-v3dn
5
vulnerability VCID-u3f1-j3gz-m7cf
6
vulnerability VCID-y2nn-5x4r-pygx
7
vulnerability VCID-y618-1jjp-b7gz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M3
aliases CVE-2019-0224, GHSA-fmpq-w5q6-9vf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v4jt-qkhw-pqbg
7
url VCID-y2nn-5x4r-pygx
vulnerability_id VCID-y2nn-5x4r-pygx
summary Carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10089
reference_id
reference_type
scores
0
value 0.04374
scoring_system epss
scoring_elements 0.89154
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10089
1
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10089
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10089
reference_id CVE-2019-10089
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10089
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
aliases CVE-2019-10089, GHSA-3rx2-x6mx-grj3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2nn-5x4r-pygx
8
url VCID-y618-1jjp-b7gz
vulnerability_id VCID-y618-1jjp-b7gz
summary 
Cross-site Scripting
On Apache JSPWiki, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12407
reference_id
reference_type
scores
0
value 0.04421
scoring_system epss
scoring_elements 0.89213
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12407
1
reference_url https://github.com/apache/jspwiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/jspwiki
2
reference_url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12407
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12407
reference_id CVE-2019-12407
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12407
fixed_packages
0
url pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
purl pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M5
aliases CVE-2019-12407, GHSA-p2r4-rpj8-m2p9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y618-1jjp-b7gz
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M2