Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-23 | CVE-2019-12407 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the remember parameter on some of the JSPs, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2019-09-23 | CVE-2019-10090 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the plain editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2019-09-23 | CVE-2019-12404 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to InfoContent.jsp, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2019-09-23 | CVE-2019-10089 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2019-09-23 | CVE-2019-10087 | Cross-site Scripting vulnerability in Apache Jspwiki On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Page Revision History, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2019-09-11 | CVE-2019-10073 | Cross-site Scripting vulnerability in Apache Ofbiz The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. | 6.1 |
| 2019-08-23 | CVE-2019-12400 | Improper Input Validation vulnerability in multiple products In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. | 5.5 |
| 2019-08-13 | CVE-2019-9516 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. | 6.5 |
| 2019-08-08 | CVE-2019-12397 | Cross-site Scripting vulnerability in Apache Ranger Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. | 6.1 |
| 2019-08-02 | CVE-2019-10093 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tika In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. | 6.5 |