[{ALLOW edit Admin}]
[{ALLOW view All}]
!! [[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the {{remember}} parameter

__Severity__  \\
Medium

__Vendor__  \\
The Apache Software Foundation

__Versions Affected__  \\
Apache JSPWiki up to 2.11.0.M4

__Description__ \\
A carefully crafted plugin link invocation could trigger an XSS vulnerability in Apache JSPWiki, related to the {{remember}} parameter on some of the JSPs, which could allow an attacker to execute JavaScript in the victim's browser and obtain some sensitive information about the victim.

__Mitigation__ \\
Apache JSPWiki users should upgrade to 2.11.0.M5 or later.

__Credit__ \\
This issue was discovered by ADLab of VenusTech. 

----
[CVE]

[{PageViewPlugin}]