3 matches found
CVE-2023-40176 SXSS in the user profile via the timezone displayer
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...
GHSA-H8CM-3V5F-RGP6 XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Impact Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down no free text value it can still be set from JavaScript using the browser developer tools or b...
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Impact Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down no free text value it can still be set from JavaScript using the browser developer tools or b...