PT-2023-22288 · Xwiki · Xwiki

Rekter0

Publicado

2023-04-12

Atualizado

2023-04-26

CVE-2023-29506

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions XWiki versions 13.10.8 through 13.10.10 XWiki versions 14.4.3 through 14.4.6 XWiki versions 14.6 through 14.9

Description The issue allows code injection using the URL of authenticated endpoints, such as the /xwiki/authenticate/wiki/xwiki endpoint. This can be exploited by manipulating the URL to inject malicious code. The problem is present in several recent versions of XWiki.

Recommendations For XWiki versions 13.10.8 through 13.10.10, update to version 13.10.11. For XWiki versions 14.4.3 through 14.4.6, update to version 14.4.7. For XWiki versions 14.6 through 14.9, update to version 14.10.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-29506

GHSA-JJM5-5V9V-7HX2

Produtos afetados

Xwiki

PT-2023-22288 · Xwiki · Xwiki

CVE-2023-29506

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10