CVE-2023-35153
Published 2023-06-23
Priority: P4 (25) · Severity: medium · CVSS 3.1 base score 5.4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (network, low complexity, low privileges, user interaction required, scope changed, low confidentiality and integrity impact, no availability impact)
EPSS: 0.74% (50.2th percentile)
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` object to a page and setting the payload as the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload, because the sheet renders the category page titles without escaping. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update the `AppWithinMinutes.ClassEditSheet` page with the fix commit linked in the references below.
Affected
The source lists 6 ranges, 4 of them without version data; the two carrying data are:
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | >= 5.4.4 < 14.4.8 | 14.4.8 |
| xwiki | xwiki | >= 14.10 < 14.10.4 | 14.10.4 |
GHSA
GHSA-4wc6-hqv9-qc97 · ghsa·2023-06-20 · CVE-2023-35153 · severity CRITICAL · CWE-79
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
### Impact
A stored XSS can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` object to a page and setting the payload as the page title.
Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload.
See https://jira.xwiki.org/browse/XWIKI-20365 for more details.
### Patches
The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0.
### Workarounds
The issue can be fixed by updating `AppWithinMinutes.ClassEditSheet` with this [patch](https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302).
### References
- h
OSV
osv·2023-06-20 · CVE-2023-35153 [CRITICAL] · same advisory text as the GHSA entry above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
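Since no detection rule is indexed for this CVE, here is an added hunting script (my example, not XWiki's code and not part of the advisory) that turns the advisory's own precondition into a check: a planted payload must live in the title of a page that carries an `AppWithinMinutes.FormFieldCategoryClass` object, so enumerate those pages and look at their raw titles. It also shows the HTML entity encoding a patched sheet has to apply before emitting the title. Assumptions: the XWiki REST query service at `/rest/wikis/{wiki}/query` accepts the XWQL short form with `media=json` and returns `searchResults` entries with `pageFullName`, `title` and `author` fields; the title-marker regex is a heuristic I chose; the sample results are constructed, not captured from a real wiki.

```python
"""Hunt for CVE-2023-35153 payloads: titles of pages that carry an
AppWithinMinutes.FormFieldCategoryClass object, which the unpatched
AppWithinMinutes.ClassEditSheet renders unescaped.

Added example; not XWiki project code.  The REST endpoint shape and the JSON
field names are assumptions about the XWiki REST query service.
"""
import base64
import json
import re
import urllib.parse
import urllib.request
from html import escape

# XWQL short form: every document with at least one object of the class the
# advisory names.  (Assumed to be accepted as-is by the REST query service.)
XWQL = "from doc.object(AppWithinMinutes.FormFieldCategoryClass) as category"

# Heuristic markers that a legitimate category title should never contain once
# the sheet injects it into HTML: a tag opener followed by a tag name, a
# closing slash or a comment marker; a javascript: URL; an inline event handler.
_SUSPICIOUS = re.compile(r"<[a-zA-Z/!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def is_suspicious(title: str) -> bool:
    """True when a raw title contains markup that would execute in the sheet."""
    return bool(_SUSPICIOUS.search(title or ""))


def find_suspicious(search_results):
    """Keep only the search results (dicts with pageFullName/title/author)
    whose title looks like an injected payload."""
    return [r for r in search_results if is_suspicious(r.get("title", ""))]


def escape_for_html(title: str) -> str:
    """What the fixed sheet must do before emitting a title into HTML: encode
    &, <, >, \" and ' so the browser treats the title as text.  This is plain
    HTML entity encoding; which XWiki Velocity helper the real patch used is
    not stated on this page, so this function is the reference behaviour only."""
    return escape(title, quote=True)


def fetch_results(base_url, wiki="xwiki", auth=None, timeout=30):
    """Run the XWQL against a live instance.  Assumed endpoint:
    {base_url}/rest/wikis/{wiki}/query?q=...&type=xwql&media=json
    auth is an optional (user, password) tuple sent as HTTP Basic."""
    params = urllib.parse.urlencode(
        {"q": XWQL, "type": "xwql", "media": "json", "number": 1000})
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/rest/wikis/{wiki}/query?{params}")
    if auth:
        token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["searchResults"]


# Constructed sample of what the query service is assumed to return.  Only the
# second page carries a payload; the third has a bare "<" in a legitimate
# title and must not be flagged.
SAMPLE_RESULTS = [
    {"pageFullName": "Inventory.Code.FormFieldCategory",
     "title": "Inventory fields", "author": "XWiki.Admin"},
    {"pageFullName": "Sandbox.Categories.Misc",
     "title": 'Misc <img src=x onerror="alert(document.cookie)">',
     "author": "XWiki.mallory"},
    {"pageFullName": "Help.Categories.Sizes",
     "title": "Items with size < 10", "author": "XWiki.Admin"},
]


def report(search_results):
    """One line per hit: where the payload sits, who last saved the page, and
    the escaped form a patched sheet would display instead."""
    lines = []
    for hit in find_suspicious(search_results):
        lines.append("%s (last author %s): %s" % (
            hit["pageFullName"], hit.get("author", "?"),
            escape_for_html(hit["title"])))
    return lines


if __name__ == "__main__":
    # Offline demo on the constructed sample.  For a live hunt use, e.g.:
    # report(fetch_results("https://wiki.example.org/xwiki", auth=("user", "pw")))
    for line in report(SAMPLE_RESULTS):
        print(line)
```

The live query needs view rights on the category pages and on the REST API, and the `author` field only tells you who last saved the page, so check the page history before attributing a hit. The regex is deliberately narrow (a bare `<` followed by a space is left alone) and will still produce the odd false positive on titles like `one = two`; a hit is confirmed by viewing the page source, not by the filter. Any confirmed hit means the payload has already fired for everyone who opened `ClassEditSheet`, so treat it as an incident, not just a cleanup, and apply the linked patch to the sheet before editing the title.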
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97
- https://jira.xwiki.org/browse/XWIKI-20365
- https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302