Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
purl pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0.M3
Next non-vulnerable version 2.11.2
Latest non-vulnerable version 2.12.0
Risk
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-pq48-q59y-bfhd
Aliases:
CVE-2019-10078
GHSA-hp5r-mhgp-56c9
Cross-site Scripting A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki which could lead to session hijacking. Initial reporting indicated `ReferredPagesPlugin`, but further analysis showed that multiple plugins were vulnerable.
2.11.0.M4
Affected by 4 other vulnerabilities.
VCID-wbfe-sm9a-vkh2
Aliases:
CVE-2019-10077
GHSA-cj6j-32rg-45r2
Cross-site Scripting A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
2.11.0.M4
Affected by 4 other vulnerabilities.
VCID-z47r-8zww-u7d1
Aliases:
CVE-2019-10076
GHSA-cxx2-fp39-rf3r
Cross-site Scripting A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.
2.11.0.M4
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-hpr3-f4s8-43ae Cross-site Scripting In Apache JSPWiki, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser. CVE-2019-0224
GHSA-fmpq-w5q6-9vf9
VCID-p84k-d4tc-3fhv Path Traversal A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki which could be used by an attacker to obtain registered users' details. CVE-2019-0225
GHSA-pffw-p2q5-w6vh

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T00:51:42.858512+00:00 GHSA Importer Affected by VCID-pq48-q59y-bfhd https://github.com/advisories/GHSA-hp5r-mhgp-56c9 38.6.0
2026-05-31T00:51:42.750801+00:00 GHSA Importer Affected by VCID-wbfe-sm9a-vkh2 https://github.com/advisories/GHSA-cj6j-32rg-45r2 38.6.0
2026-05-31T00:51:42.710442+00:00 GHSA Importer Affected by VCID-z47r-8zww-u7d1 https://github.com/advisories/GHSA-cxx2-fp39-rf3r 38.6.0
2026-05-31T00:51:32.420257+00:00 GHSA Importer Fixing VCID-p84k-d4tc-3fhv https://github.com/advisories/GHSA-pffw-p2q5-w6vh 38.6.0
2026-05-30T20:55:08.397685+00:00 GitLab Importer Affected by VCID-wbfe-sm9a-vkh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jspwiki/jspwiki-war/CVE-2019-10077.yml 38.6.0
2026-05-30T20:55:08.361024+00:00 GitLab Importer Affected by VCID-pq48-q59y-bfhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jspwiki/jspwiki-war/CVE-2019-10078.yml 38.6.0
2026-05-30T20:54:57.161323+00:00 GitLab Importer Fixing VCID-hpr3-f4s8-43ae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jspwiki/jspwiki-war/CVE-2019-0224.yml 38.6.0
2026-05-30T20:54:56.990436+00:00 GitLab Importer Fixing VCID-p84k-d4tc-3fhv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jspwiki/jspwiki-war/CVE-2019-0225.yml 38.6.0