XWiki URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2023-29204 - Vulnerability Database

XWiki URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2023-29204

Medium

Reference: CVE-2023-29204

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-29204

Title: XWiki URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com (i.e. omitting the http:). It was also possible to bypass it when using URL such as http:/mydomain.com. The problem has been patched on XWiki 13.10.10 14.4.4 and 14.8RC1.