Lucene search

CVE-2023-45137

🗓️ 25 Oct 2023 21:10:15Reported by GoogleType

osv🔗 osv.dev👁 14 Views

XWiki Platform web versions 3.1-milestone-2 to 13.4-rc-1 and web templates versions prior to 14.10.12 and 15.5-rc-1 are vulnerable to cross-site scripting due to missing escaping in error messages

Reporter	Title	Published	Views	Family All 8
Vulnrichment	CVE-2023-45137 XWiki Platform XSS with edit right in the create document form for existing pages	25 Oct 202320:13	–	vulnrichment
Prion	Cross site scripting	25 Oct 202321:15	–	prion
Cvelist	CVE-2023-45137 XWiki Platform XSS with edit right in the create document form for existing pages	25 Oct 202320:13	–	cvelist
CVE	CVE-2023-45137	25 Oct 202321:15	–	cve
OSV	XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages	25 Oct 202321:14	–	osv
NVD	CVE-2023-45137	25 Oct 202321:15	–	nvd
Github Security Blog	XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages	25 Oct 202321:14	–	github
OpenVAS	XWiki < 14.10.12, 15.0-rc-1 < 15.5-rc-1 Multiple Vulnerabilities	16 Nov 202300:00	–	openvas

Source	Link
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929
jira	www.jira.xwiki.org/browse/XWIKI-20961
github	www.github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Oct 2023 21:15Current

6.9Medium risk

Vulners AI Score6.9

CVSS35.4 - 9

EPSS0.1337

SSVC