PT-2023-22203 · Xwiki · Xwiki

🗓️ 12 Apr 2023 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

XWiki allowed JavaScript and StyleSheet xobjects to run scripts by editors before 14.9-rc-1.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-29206	15 Apr 202322:30	–	circl
CNNVD	XWiki Commons 跨站脚本漏洞	15 Apr 202300:00	–	cnnvd
CVE	CVE-2023-29206	15 Apr 202315:41	–	cve
Cvelist	CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins	15 Apr 202315:41	–	cvelist
EUVD	EUVD-2023-1273	3 Oct 202520:07	–	euvd
Github Security Blog	org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins	12 Apr 202320:38	–	github
NVD	CVE-2023-29206	15 Apr 202316:15	–	nvd
OpenVAS	XWiki 3.0-milestone-1 < 14.9 XSS Vulnerability (GHSA-cmvg-w72j-7phx)	13 Jul 202300:00	–	openvas
OSV	CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins	15 Apr 202315:41	–	osv
OSV	GHSA-CMVG-W72J-7PHX org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins	12 Apr 202320:38	–	osv

Source	Link
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx
jira	www.jira.xwiki.org/browse/XWIKI-19514
jira	www.jira.xwiki.org/browse/XWIKI-9119
jira	www.jira.xwiki.org/browse/XWIKI-19583
github	www.github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb
osv	www.osv.dev/vulnerability/GHSA-cmvg-w72j-7phx
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-29206
osv	www.osv.dev/vulnerability/CVE-2023-29206
github	www.github.com/xwiki/xwiki-platform
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

29 Sep 2023 00:00Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.4 - 9

EPSS0.04422

SSVC

XWiki JavaScript xobjects StyleSheet xobjects Editor rights Version prerelease 14.9