Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-35155 - Vulnerability Database
XWikiplatform

XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-35155

Medium
Reference: CVE-2023-35155
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-35155
Title: XWiki Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance the following URL execute an alter on the browser: ltxwiki-hostgt/xwiki/bin/view/Main/viewershareampsend1amptargetamptarget3Cimgsrconerror3Dalert28document.domain293E3Cimgsrconerror3Dalert28document.domain293E3Crenniepak40intigriti.me3EampincludeDocumentinlineampmessageIwantedtosharethispagewithyou. where ltxwiki-hostgt is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1 14.10.4 and 14.4.8.