5 matches found
CVE-2023-35158
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as:...
CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as:...
CVE-2023-35158
XWiki Platform is vulnerable to a reflected XSS via the xredirect parameter in the restore template. The flaw allows injecting JavaScript into pages when a crafted URL is visited (exists since 9.4-rc-1). Affected versions include 9.4-rc-1 onward; patched in 14.10.5 and 15.1-rc-1. Remediation: upg...
XWiki Platform security vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions prior to 9.4-rc-1. An attacker can exploit this vulnerability to inject JavaScript code into a page by forging a...
GHSA-MWXJ-G7FW-7HC8 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
Impact: Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as: /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain) This...