{"url":"http://public2.vulnerablecode.io/api/packages/58174?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4","type":"maven","namespace":"org.apache.jspwiki","name":"jspwiki-main","version":"2.11.0.M4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.11.0","latest_non_vulnerable_version":"2.12.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40996?format=json","vulnerability_id":"VCID-7ckf-bdvx-qkh9","summary":"Cross-site Scripting\nA carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki which could lead to session hijacking. Initial reporting indicated `ReferredPagesPlugin`, but further analysis showed that multiple plugins were vulnerable.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10078"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10078","reference_id":"CVE-2019-10078","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10078"},{"reference_url":"https://github.com/advisories/GHSA-hp5r-mhgp-56c9","reference_id":"GHSA-hp5r-mhgp-56c9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hp5r-mhgp-56c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58174?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4"}],"aliases":["CVE-2019-10078","GHSA-hp5r-mhgp-56c9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ckf-bdvx-qkh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40995?format=json","vulnerability_id":"VCID-r8n2-f2bj-fud3","summary":"Cross-site Scripting\nA carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10076"},{"reference_url":"https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16@%3Ccommits.jspwiki.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/05/19/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/05/19/4"},{"reference_url":"http://www.securityfocus.com/bid/108437","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108437"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10076","reference_id":"CVE-2019-10076","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10076"},{"reference_url":"https://github.com/advisories/GHSA-cxx2-fp39-rf3r","reference_id":"GHSA-cxx2-fp39-rf3r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cxx2-fp39-rf3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58174?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4"}],"aliases":["CVE-2019-10076","GHSA-cxx2-fp39-rf3r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8n2-f2bj-fud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40997?format=json","vulnerability_id":"VCID-s4g3-2p5v-v3dn","summary":"Cross-site Scripting\nA carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki, which could lead to session hijacking.","references":[{"reference_url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077","reference_id":"","reference_type":"","scores":[],"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-10077"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10077","reference_id":"CVE-2019-10077","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10077"},{"reference_url":"https://github.com/advisories/GHSA-cj6j-32rg-45r2","reference_id":"GHSA-cj6j-32rg-45r2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cj6j-32rg-45r2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58174?format=json","purl":"pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4"}],"aliases":["CVE-2019-10077","GHSA-cj6j-32rg-45r2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4g3-2p5v-v3dn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jspwiki/jspwiki-main@2.11.0.M4"}