Lucene search
Veracode Vulnerability DatabaseVERACODE:40513HistoryMay 15, 2023 - 1:40 a.m.
Cross-Site Scripting (XSS)
2023-05-1501:40:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
xwiki
vulnerability
cross-site scripting
xss
attacks
html rendering
javascript
browser
security
0.001 Low
EPSS
Percentile
37.4%
XWiki is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly check for dangerous attribute values in HTML rendering before it output to the front end, allowing an attacker to inject and execute malicious JavaScript on victim’s browser.
Related
openvas
openvas
XWiki 3.0-milestone-2 < 14.6-rc-1 XSS Vulnerability (GHSA-6gf5-c898-7rxp)
2023-08-18 00:00:00
nvd
nvd
CVE-2023-32070
2023-05-10 18:15:10
prion
prion
Cross site scripting
2023-05-10 18:15:00
cvelist
cvelist
github
github
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
2023-05-11 20:37:30
cve
cve
CVE-2023-32070
2023-05-10 18:15:10
osv
osv
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
2023-10-25 21:02:49
CVE-2023-32070
2023-05-10 18:15:10
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
2023-05-11 20:37:30