Lucene search
PRIOn knowledge basePRION:CVE-2023-32070HistoryMay 10, 2023 - 6:15 p.m.
Cross site scripting
2023-05-1018:15:00
PRIOn knowledge base
www.prio-n.com
5
xwiki platform
cross-site scripting
html rendering
xss attacks
vulnerability
patch
upgrade
0.001 Low
EPSS
Percentile
37.4%
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn’t check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rendering | eq | 3.0 milestone-2 | |
| xwiki | le | 14.5 |
Related
openvas
openvas
XWiki 3.0-milestone-2 < 14.6-rc-1 XSS Vulnerability (GHSA-6gf5-c898-7rxp)
2023-08-18 00:00:00
nvd
nvd
CVE-2023-32070
2023-05-10 18:15:10
cvelist
cvelist
github
github
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
2023-05-11 20:37:30
cve
cve
CVE-2023-32070
2023-05-10 18:15:10
veracode
veracode
Cross-Site Scripting (XSS)
2023-05-15 01:40:00
osv
osv
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
2023-10-25 21:02:49
CVE-2023-32070
2023-05-10 18:15:10
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
2023-05-11 20:37:30