| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2023-32068 | 16 May 202300:29 | โ | circl | |
| XWiki Platform ่พๅ ฅ้ช่ฏ้่ฏฏๆผๆด | 15 May 202300:00 | โ | cnnvd | |
| CVE-2023-32068 | 15 May 202320:53 | โ | cve | |
| CVE-2023-32068 URL Redirection to Untrusted Site in XWiki | 15 May 202320:53 | โ | cvelist | |
| org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | 15 May 202320:52 | โ | github | |
| CVE-2023-32068 | 15 May 202321:15 | โ | nvd | |
| XWiki < 14.10.4 Open Redirect Vulnerability (GHSA-6gvj-8vc5-8v3j) | 18 Aug 202300:00 | โ | openvas | |
| CVE-2023-32068 URL Redirection to Untrusted Site in XWiki | 15 May 202320:53 | โ | osv | |
| GHSA-6GVJ-8VC5-8V3J org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability | 15 May 202320:52 | โ | osv | |
| Design/Logic Flaw | 15 May 202321:15 | โ | prion |
id: CVE-2023-32068
info:
name: XWiki - Open Redirect
author: ritikchaddha
severity: medium
description: |
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
impact: |
An attacker can craft malicious URLs to redirect users to malicious websites.
remediation: |
Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
reference:
- https://jira.xwiki.org/browse/XWIKI-20096
- https://nvd.nist.gov/vuln/detail/CVE-2023-32068
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-32068
cwe-id: CWE-601
epss-score: 0.5507
epss-percentile: 0.98904
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: xwiki
product: xwiki
shodan-query: html:"data-xwiki-reference"
fofa-query: body="data-xwiki-reference"
tags: cve,cve2023,xwiki,redirect,vuln
http:
- method: GET
path:
- "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 490a004630440220392ff9469c6b383da934fa465d91897e6a4b85ffd8504c762a789f4d4cd2b7ea02202bc6b36a3b806d12126443de169c3faf897ccadbd7746284cb537dc8fa8c3848:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation