Lucene search
Veracode Vulnerability DatabaseVERACODE:40468HistoryMay 11, 2023 - 3:14 a.m.
Cross-Site Scripting (XSS)
2023-05-1103:14:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
xss
vulnerability
org.xwiki.commons:xwiki-commons-xml
arbitrary html code
malicious javascript
front end
browser
0.002 Low
EPSS
Percentile
61.9%
org.xwiki.commons:xwiki-commons-xml is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape arbitrary HTML code before it output to the front end, allowing an attacker to inject and execute malicious javascript on the victim’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xwiki commons - xml | le | 14.10.3 | |
| xwiki commons - xml | le | 14.10.3 |
References
github.com/advisories/GHSA-pv7v-ph6g-3gxv
github.com/xwiki/xwiki-commons/commit/0b8e9c45b7e7457043938f35265b2aa5adc76a68
github.com/xwiki/xwiki-commons/commit/cfc9db026c095cffb324697054f9fef5fcb62c56
github.com/xwiki/xwiki-commons/security/advisories/GHSA-pv7v-ph6g-3gxv
jira.xwiki.org/browse/XCOMMONS-2606
Related
cvelist
cvelist
cve
cve
CVE-2023-31126
2023-05-09 13:15:18
openvas
openvas
XWiki 14.6-rc-1 < 14.10.4 XSS Vulnerability (GHSA-pv7v-ph6g-3gxv)
2023-08-18 00:00:00
github
github
osv
osv
CVE-2023-31126
2023-05-09 13:15:18
nvd
nvd
CVE-2023-31126
2023-05-09 13:15:18
prion
prion
Cross site scripting
2023-05-09 13:15:00