4 matches found
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...
CVE-2023-45144
The CVE concerns com.xwiki.identity-oauth:identity-oauth-ui used for OAuth-based identity providers. When logging in via OAuth, the identityOAuth GET parameter is vulnerable to XSS and XWiki syntax injection, enabling remote code execution via the groovy macro and impacting confidentiality, integ...