cve/2019/CVE-2019-10090.md

### [CVE-2019-10090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10090)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20JSPWiki&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)

### Description

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ossf-cve-benchmark/CVE-2019-10090
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-10090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10090)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20JSPWiki&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)`

			`### Description`

			`On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ossf-cve-benchmark/CVE-2019-10090`