Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-29204) - Vulnerability Database

XWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-29204)

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

References

CVE-2023-29204

Related Vulnerabilities

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32731) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7740) Medium
Common tags: Missing Update Known Vulnerabilities
phpMyAdmin CVE-2019-6799 Vulnerability (CVE-2019-6799) Medium
Common tags: Missing Update Known Vulnerabilities
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-6970) High
Common tags: Missing Update Known Vulnerabilities
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2023-29204
CWE-601
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update
Known Vulnerabilities