Cross site scripting

🗓️ 06 Nov 2023 19:15:00Reported by PRIOn knowledge baseType

XWiki Platform vulnerable to reflected cross-site scripting (RXSS) via `rev` parameter in content menu leading to arbitrary actions execution and remote code (Groovy) execution, compromising XWiki installation. Patch available in XWiki 15.6 RC1, 15.5.1, and 14.10.14

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-46732	6 Nov 202322:26	–	circl
CNNVD	XWiki Platform Cross-Site Scripting Vulnerability	6 Nov 202300:00	–	cnnvd
CVE	CVE-2023-46732	6 Nov 202318:45	–	cve
Cvelist	CVE-2023-46732 Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform	6 Nov 202318:45	–	cvelist
Github Security Blog	XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu	8 Nov 202314:51	–	github
Nuclei	XWiki < 14.10.14 - Cross-Site Scripting	7 Jun 202603:02	–	nuclei
NVD	CVE-2023-46732	6 Nov 202319:15	–	nvd
OpenVAS	XWiki 9.7-rc-1 < 14.10.14, 15.0-rc-1 < 15.5.1 XSS Vulnerability (GHSA-j9rc-w3wv-fv62)	16 Nov 202300:00	–	openvas
OSV	CVE-2023-46732 Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform	6 Nov 202318:45	–	osv
OSV	GHSA-J9RC-W3WV-FV62 XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu	8 Nov 202314:51	–	osv

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-21095
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62
github	www.github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55

14 Nov 2023 19:33Current

7.2High risk

Vulners AI Score7.2

EPSS0.48106