{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T06:27:52.097","vulnerabilities":[{"cve":{"id":"CVE-2019-12404","sourceIdentifier":"security@apache.org","published":"2019-09-23T15:15:10.483","lastModified":"2024-11-21T04:22:46.257","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim."},{"lang":"es","value":"En Apache JSPWiki, hasta la versión 2.11.0.M4, una invocación de enlace de plugin cuidadosamente diseñada podría desencadenar una vulnerabilidad de tipo XSS en Apache JSPWiki, relacionada con archivo InfoContent.jsp, lo que podría permitir al atacante ejecutar javascript en el navegador de la víctima y obtener alguna información confidencial sobre la víctima."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*","versionEndIncluding":"2.10.5","matchCriteriaId":"9490098B-32BC-4DE1-A91C-0DB1781B6551"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m1:*:*:*:*:*:*","matchCriteriaId":"695F7479-0378-43BA-B4EF-2720D9D603B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc1:*:*:*:*:*:*","matchCriteriaId":"FED3FE19-F79F-4935-A399-D02502257719"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc2:*:*:*:*:*:*","matchCriteriaId":"C4F7A3FC-749D-4074-B8C5-B2E413E059E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m1-rc3:*:*:*:*:*:*","matchCriteriaId":"17D5A1A7-4D6D-44E6-9EE8-93F306300346"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m2:*:*:*:*:*:*","matchCriteriaId":"544E5477-CADE-4E6A-B0AF-E178CE98CD39"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m2-rc1:*:*:*:*:*:*","matchCriteriaId":"1518742F-4C6F-488F-8510-6D5774F46D6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m3:*:*:*:*:*:*","matchCriteriaId":"E857BCCA-1DF1-4E97-939A-72F58CAF7682"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc1:*:*:*:*:*:*","matchCriteriaId":"6A59A703-D91D-4841-AF98-CF64ED0657D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m3-rc2:*:*:*:*:*:*","matchCriteriaId":"62E87475-188A-4793-8FE2-99E8F407ABB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m4:*:*:*:*:*:*","matchCriteriaId":"FAD5C4C6-B329-4763-9F8D-3DEECEAF6258"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc1:*:*:*:*:*:*","matchCriteriaId":"8C294E89-885D-4963-B00C-BA8F03AB99FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:2.11.0:m4-rc2:*:*:*:*:*:*","matchCriteriaId":"615D6BA8-2E24-4A27-AD40-DEA5CBD47D76"}]}]}],"references":[{"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2019-12404","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}