5 matches found
CVE-2023-35158
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...
CVE-2023-35158
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...
CVE-2023-35158
XWiki Platform is vulnerable to a reflected XSS via the xredirect parameter in the restore template. The flaw allows injecting JavaScript into pages when a crafted URL is visited (exists since 9.4-rc-1). Affected versions include 9.4-rc-1 onward; patched in 14.10.5 and 15.1-rc-1. Remediation: upg...
CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...
CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...