cbcvebase.
CVE-2023-29508
published 2023-04-16

Priority: P426, medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.42% (34.0th percentile)

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | >= 0 < 9.55.0~dfsg1-0ubuntu5.12 | 9.55.0~dfsg1-0ubuntu5.12 |
| artifex | ghostscript | >= 0 < 10.02.1~dfsg1-0ubuntu7.7 | 10.02.1~dfsg1-0ubuntu7.7 |
| artifex | ghostscript | >= 0 < 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 | 9.26~dfsg+0-0ubuntu0.16.04.14+esm9 |
| artifex | ghostscript | >= 0 < 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 | 9.26~dfsg+0-0ubuntu0.18.04.18+esm4 |
| artifex | ghostscript | >= 0 < 9.50~dfsg-5ubuntu4.15+esm1 | 9.50~dfsg-5ubuntu4.15+esm1 |
| xwiki | xwiki | < 13.10.11 | 13.10.11 |
| xwiki | xwiki | | |
| xwiki | xwiki | >= 14.4.0 < 14.4.7 | 14.4.7 |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |
| xwiki | xwiki-platform | | |

CVSS provenance

nvd: v3.1, 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv: 4.3 MEDIUM