[{ALLOW edit Admin}] [{ALLOW view All}] !! [[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the {{remember}} parameter __Severity__ \\ Medium __Vendor__ \\ The Apache Software Foundation __Versions Affected__ \\ Apache JSPWiki up to 2.11.0.M4 __Description__ \\ A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the {{remember}} parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. __Mitigation__ \\ Apache JSPWiki users should upgrade to 2.11.0.M5 or later. __Credit__ \\ This issue was discovered by ADLab of VenusTech. ---- [CVE] [{PageViewPlugin}]