2 matches found
CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as:...
CVE-2023-35162
CVE-2023-35162 affects XWiki Platform (XWiki Platform core) and is a reflected XSS vulnerability in the previewactions template. An attacker can craft a URL with a payload e.g. using xcontinue to inject JavaScript (as shown in the public examples), potentially enabling user-driven script executio...