XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-32070 - Vulnerability Database

XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-32070

Medium

Reference: CVE-2023-32070

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-32070

Title: XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1 HTML rendering didn39t check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs e.g. supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.