CVE-2023-35160
published 2023-06-23CVE-2023-35160: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing…
PriorityP339medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.27%
80.9th percentile
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | — | — |
| xwiki | xwiki | — | — |
| xwiki | xwiki | >= 3.0 < 14.10.5 | 14.10.5 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
ghsa·2023-06-22
CVE-2023-35160 [CRITICAL] CWE-79 XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
### Impact
Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS).
It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:
> xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)
This vulnerability exists since XWiki 2.5-milestone-2.
### Patches
The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
### Workarounds
It's possible to workaround the vulnerability by editing the template resubmit.vm to perform checks on it, but note that the appropriate fix involves new APIs that have been recently introduced in XWiki.
OSV
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
osv·2023-06-22
CVE-2023-35160 [CRITICAL] XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
### Impact
Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS).
It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:
> xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)
This vulnerability exists since XWiki 2.5-milestone-2.
### Patches
The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
### Workarounds
It's possible to workaround the vulnerability by editing the template resubmit.vm to perform checks on it, but note that the appropriate fix involves new APIs that have been recently introduced in XWiki.
No detection rules found.
Nuclei
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-35160 [MEDIUM] XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
Template:
id: CVE-2023-35160
info:
name: XWiki >= 2.5-milestone-2 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
XWiki Platform is a generic wiki platform offering runtime servic
https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7fhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3https://jira.xwiki.org/browse/XWIKI-20343https://jira.xwiki.org/browse/XWIKI-20583https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7fhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3https://jira.xwiki.org/browse/XWIKI-20343https://jira.xwiki.org/browse/XWIKI-20583
2023-06-23
Published