XWiki Commons are technical libraries common to several other top-level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
References
| Link | Resource |
|---|---|
| https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380 | Patch |
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2 | Exploit, Patch, Vendor Advisory |
| https://jira.xwiki.org/browse/XWIKI-20335 | Exploit, Issue Tracking |
History
No history.
Information
Published : 2023-04-16 07:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-29506
Mitre link : CVE-2023-29506
CVE.ORG link : CVE-2023-29506
Products Affected
xwiki
- xwiki
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')