CVSS: 9.9EPSS: 1%CPEs: 5EXPL: 2CVE-2023-36470 – Code injection in icon themes of XWiki Platform
https://notcve.org/view.php?id=CVE-2023-36470
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set's HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. • https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94 https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4 https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf https://jira.xwiki.org/browse/XWIKI-20524 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.6EPSS: 51%CPEs: 3EXPL: 0CVE-2023-35160 – XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
https://notcve.org/view.php?id=CVE-2023-35160
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. • https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3 https://jira.xwiki.org/browse/XWIKI-20343 https://jira.xwiki.org/browse/XWIKI-20583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •
CVSS: 9.6EPSS: 58%CPEs: 4EXPL: 0CVE-2023-35159 – XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
https://notcve.org/view.php?id=CVE-2023-35159
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. • https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8 https://jira.xwiki.org/browse/XWIKI-20583 https://jira.xwiki.org/browse/XWIKI-20612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-87: Improper Neutralization of Alternate XSS Syntax •
CVSS: 9.6EPSS: 44%CPEs: 4EXPL: 0CVE-2023-35158 – XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
https://notcve.org/view.php?id=CVE-2023-35158
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. • https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8 https://jira.xwiki.org/browse/XWIKI-20352 https://jira.xwiki.org/browse/XWIKI-20583 • CWE-87: Improper Neutralization of Alternate XSS Syntax •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35157 – XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
https://notcve.org/view.php?id=CVE-2023-35157
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. • https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq https://jira.xwiki.org/browse/XWIKI-20339 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •