CVE-2023-35159 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

🗓️ 23 Jun 2023 18:34:17Reported by GoogleType

osv

osv🔗 osv.dev👁 18 Views

XWiki Platform allows URL-based XSS attack via deletespace template

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of protection for website structures. This allows attackers to replace the displayed URLs with malicious ones.	4 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-35159	23 Jun 202322:33	–	circl
CNNVD	XWiki Platform 跨站脚本漏洞	23 Jun 202300:00	–	cnnvd
CVE	CVE-2023-35159	23 Jun 202318:34	–	cve
Cvelist	CVE-2023-35159 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template	23 Jun 202318:34	–	cvelist
EUVD	EUVD-2023-1908	3 Oct 202520:07	–	euvd
Github Security Blog	XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template	22 Jun 202319:59	–	github
Nuclei	XWiki >= 3.4-milestone-1 - Cross-Site Scripting	8 Jun 202604:09	–	nuclei
NVD	CVE-2023-35159	23 Jun 202319:15	–	nvd
OSV	GHSA-X234-MG7Q-M8G8 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template	22 Jun 202319:59	–	osv

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-20583
jira	www.jira.xwiki.org/browse/XWIKI-20612
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35159.json
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-35159
github	www.github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34

10 Apr 2026 04:59Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.19.6

EPSS0.0428

xwiki platform url-based xss attack deletespace template vulnerability patched