Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.13 views

CVE-2023-45144

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...

10CVSS6.9AI score0.01088EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 8:32 p.m.15 views

CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...

10CVSS9.4AI score0.01088EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/16 8:32 p.m.23 views

CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting XSS and XWiki syntax...

10CVSS9.6AI score0.01088EPSS
Exploits0References5
CVE
CVE
added 2023/10/16 8:32 p.m.107 views

CVE-2023-45144

The CVE concerns com.xwiki.identity-oauth:identity-oauth-ui used for OAuth-based identity providers. When logging in via OAuth, the identityOAuth GET parameter is vulnerable to XSS and XWiki syntax injection, enabling remote code execution via the groovy macro and impacting confidentiality, integ...

10CVSS9.5AI score0.01088EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder