{"url":"http://public2.vulnerablecode.io/api/packages/58040?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0","type":"maven","namespace":"org.apache.jspwiki","name":"jspwiki-war","version":"2.11.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.11.2","latest_non_vulnerable_version":"2.12.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40995?format=json","vulnerability_id":"VCID-r8n2-f2bj-fud3","summary":"Cross-site Scripting\nA carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076"},{"reference_url":"https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/05/19/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/05/19/4"},{"reference_url":"http://www.securityfocus.com/bid/108437","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10076","reference_id":"CVE-2019-10076","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10076"},{"reference_url":"https://github.com/advisories/GHSA-cxx2-fp39-rf3r","reference_id":"GHSA-cxx2-fp39-rf3r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cxx2-fp39-rf3r"}],"fixed_packages":[],"aliases":["CVE-2019-10076","GHSA-cxx2-fp39-rf3r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8n2-f2bj-fud3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41771?format=json","vulnerability_id":"VCID-1ezw-t63q-zkgc","summary":"Incorrect Default Permissions\nRemote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefully crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140"},{"reference_url":"https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44140","reference_id":"CVE-2021-44140","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58040?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r8n2-f2bj-fud3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0"}],"aliases":["CVE-2021-44140"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ezw-t63q-zkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41767?format=json","vulnerability_id":"VCID-br13-gj7e-fudc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and retrieve sensitive information about the victim.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-40369"},{"reference_url":"https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/r2j00nrnpjgcmoxvlv3pgfoq9kzrcsfh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40369","reference_id":"CVE-2021-40369","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40369"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58040?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r8n2-f2bj-fud3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0"}],"aliases":["CVE-2021-40369"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br13-gj7e-fudc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-war@2.11.0"}