CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
69.3%
Itβs possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment.
To reproduce:
?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E
to the page view URL as in https://myhost/xwiki/bin/view/XWiki/MyUser?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E
This has been patched in XWiki 15.0-rc-1, 14.10.4 and 14.4.8.
The easiest is to edit file <xwiki app>/templates/importinline.vm
and apply the modification described on https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01
https://jira.xwiki.org/browse/XWIKI-20340
https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK
This vulnerability has been reported on Intigriti by RenΓ© de Sain @renniepak.
Vendor | Product | Version | CPE |
---|---|---|---|
org.xwiki.platform | xwiki-platform-distribution-war | * | cpe:2.3:a:org.xwiki.platform:xwiki-platform-distribution-war:*:*:*:*:*:*:*:* |
app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK
github.com/advisories/GHSA-j9h5-vcgv-2jfm
github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01
github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm
jira.xwiki.org/browse/XWIKI-20340
nvd.nist.gov/vuln/detail/CVE-2023-32071