CVE-2023-46732
published 2023-11-06


Priority: P179 (medium)
CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 2.19% (80.2nd percentile)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.

Affected (4 ranges)

Vendor   Product          Version range        Fixed in
xwiki    xwiki            >= 15.0 < 15.5.1     15.5.1
xwiki    xwiki            >= 9.7 < 14.10.14    14.10.14
xwiki    xwiki-platform
xwiki    xwiki-platform

Detection & IOCs (extracted from sources)

  • Look for reflected XSS payload in the `rev` parameter of XWiki content menu requests — the parameter value is reflected unescaped in the HTML response body.
  • Nuclei/HTTP probe: flag responses where the body contains the injected XSS string, Content-Type is text/html, and HTTP status is 200.
  • The patch commit `04e325d57` can be used as a reference point to identify unpatched XWiki instances (versions prior to 15.6 RC1, 15.5.1, and 14.10.14).
  • Exploitation requires convincing a user to visit a crafted link; impact escalates to remote code execution (Groovy) if the victim has programming rights on the XWiki instance.
  • No known workarounds exist; remediation is upgrade to XWiki 15.6 RC1, 15.5.1, or 14.10.14, or manual application of patch commit 04e325d57.

CVSS provenance

NVD: CVSS v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 9.6 CRITICAL