Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.13 views

CVE-2023-35158

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02048EPSS
Exploits0References1
NVD
NVD
added 2023/06/23 7:15 p.m.45 views

CVE-2023-35158

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02048EPSS
Exploits0References4
CVE
CVE
added 2023/06/23 6:26 p.m.77 views

CVE-2023-35158

XWiki Platform is vulnerable to a reflected XSS via the xredirect parameter in the restore template. The flaw allows injecting JavaScript into pages when a crafted URL is visited (exists since 9.4-rc-1). Affected versions include 9.4-rc-1 onward; patched in 14.10.5 and 15.1-rc-1. Remediation: upg...

9.6CVSS7.6AI score0.02048EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/06/23 6:26 p.m.39 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.5AI score0.02048EPSS
Exploits0References4
OSV
OSV
added 2023/06/23 6:26 p.m.28 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.2AI score0.02048EPSS
Exploits0References6
Rows per page
Query Builder