PT-2022-16131 · Unknown · XWiki Platform

Sergiu Dumitriu · Published 2022-02-09 · Updated 2022-02-15 · CVE-2022-23618

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 12.10.7
XWiki Platform versions prior to 13.3RC1

Description
The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions have no protection against URL redirection to untrusted sites: in particular, the well-known xredirect request parameter is honored without validating its target, so a link or request carrying an attacker-chosen xredirect value sends the user to an arbitrary external site.

Recommendations
For XWiki Platform versions prior to 12.10.7, update to version 12.10.7 or later. For XWiki Platform versions prior to 13.3RC1, update to version 13.3RC1 or later. As a temporary workaround, restrict the xredirect parameter, for example by accepting only same-origin targets, to reduce the risk of exploitation.
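The advisory does not show what a same-origin restriction on xredirect looks like or how to tell a vulnerable response from a fixed one. The following Python is an added example, not code from the XWiki project or from this advisory: it validates a user-supplied redirect target the way a reverse proxy or application filter could before honoring xredirect (rejecting absolute URLs to other hosts, protocol-relative and backslash forms, userinfo tricks, non-http schemes and control characters), and it classifies a captured HTTP response as an off-site redirect. The host name wiki.example.org, the probe values and the response headers are constructed for illustration; only the parameter name xredirect comes from the advisory.

```python
"""Same-origin validation for a redirect parameter such as XWiki's xredirect.

Added example, not XWiki project code. The host and sample data are constructed.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Assumed deployment host (constructed for this example).
WIKI_HOST = "wiki.example.org"

SAFE_SCHEMES = {"http", "https"}


def classify_redirect(target: str, wiki_host: str = WIKI_HOST) -> tuple[bool, str]:
    """Return (accepted, reason) for a user-supplied redirect target.

    Accepts only (a) a path-absolute target starting with exactly one slash, or
    (b) an http(s) URL whose authority is exactly the wiki's own host with no
    userinfo. Everything else is treated as an open-redirect attempt.
    """
    if not target:
        return False, "empty target"
    # Browsers tolerate control characters and whitespace inside URLs, and
    # urlsplit silently strips some of them, so reject them before parsing.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False, "control or whitespace character in target"
    # Browsers treat a backslash as a slash, so "/\\evil.example" navigates to
    # "//evil.example"; urlsplit does not, hence the explicit check.
    if "\\" in target:
        return False, "backslash in target"

    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # No scheme and no authority: a path. Require a single leading slash so
        # the value cannot be read as protocol-relative ("//host").
        if target.startswith("/") and not target.startswith("//"):
            return True, "path-absolute target"
        return False, "relative target without leading slash"
    if parts.scheme.lower() not in SAFE_SCHEMES:
        return False, f"disallowed scheme {parts.scheme or '(protocol-relative)'!r}"
    # "https://wiki.example.org@evil.example/" parses with hostname evil.example;
    # refuse any userinfo rather than trying to be clever about it.
    if "@" in parts.netloc:
        return False, "userinfo in authority"
    # Exact authority match (host and port); mismatched port is rejected too.
    if parts.netloc.lower() != wiki_host.lower():
        return False, f"foreign host {parts.netloc!r}"
    return True, "absolute URL on the wiki's own host"


def is_off_site_redirect(status: int, headers: dict[str, str],
                         wiki_host: str = WIKI_HOST) -> bool:
    """True when a captured HTTP response would send the browser off the wiki host."""
    if status not in (301, 302, 303, 307, 308):
        return False
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location is None:
        return False
    accepted, _ = classify_redirect(location, wiki_host)
    return not accepted


# Constructed values an auditor might place in xredirect; not captured traffic.
PROBES = [
    "/bin/view/Main/WebHome",
    "https://wiki.example.org/bin/view/Main/WebHome",
    "https://attacker.example/",
    "//attacker.example/",
    "/\\attacker.example/",
    "https://wiki.example.org@attacker.example/",
    "javascript:alert(1)",
    "/bin/view/Main\nSet-Cookie: x=1",
]

# Constructed responses to a request carrying xredirect=https://attacker.example/:
# the first is what an unprotected redirect looks like, the second a same-origin one.
UNPROTECTED_RESPONSE = (302, {"Location": "https://attacker.example/"})
SAME_ORIGIN_RESPONSE = (302, {"Location": "/bin/view/Main/WebHome"})

if __name__ == "__main__":
    for probe in PROBES:
        accepted, reason = classify_redirect(probe)
        print(f"{'ACCEPT' if accepted else 'REJECT':6} {probe!r}: {reason}")
    print("unprotected response redirects off-site:",
          is_off_site_redirect(*UNPROTECTED_RESPONSE))
    print("same-origin response redirects off-site:",
          is_off_site_redirect(*SAME_ORIGIN_RESPONSE))
```

The validator is deliberately conservative: an absolute URL is accepted only when its authority string equals the configured host exactly, so a legitimate link with an explicit port or a different case in the path is still fine, but anything that could be read as another host by a browser is refused. When retesting an upgraded instance, feed the status and headers of the real response into is_off_site_redirect rather than eyeballing the Location header.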

Weakness Enumeration

Open Redirect (CWE-601)

Related Identifiers

CVE-2022-23618
GHSA-jp55-vvmf-63mv

Affected Products

XWiki Platform