9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.8%
It’s possible to store a JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name.
For example, attachment a file with name ><img src>.jpg
will execute the alert.
This issue has been patched in XWiki 13.10.6 and 14.3RC1.
It is possible to replace viewattachrev.vm, the entry point for this attack, by a patched version from the patch without updating XWiki.
If you have any questions or comments about this advisory:
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.8%