// For flags

CVE-2022-23622

Cross site scripting in registration template in xwiki-platform

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and apply a better right scheme using groups and rights on spaces.

XWiki Platform es una plataforma wiki genérica que ofrece servicios de ejecución para las aplicaciones construidas sobre ella. En las versiones afectadas se presenta un vector de tipo cross site scripting (XSS) en la plantilla "registerinline.vm" relacionado con el campo oculto "xredirect". Esta plantilla sólo es usada en las siguientes condiciones 1. El wiki debe estar abierto al registro para cualquiera. 2. El wiki debe estar cerrado a la visualización para usuarios invitados o, más concretamente, la página XWiki.Registration debe estar prohibida en View para usuarios invitados. Una forma de obtener la segunda condición es cuando los administradores marcan la casilla "Prevent unregistered users from viewing pages, regardless of the page rights" en los derechos de administración. Este problema está parcheado en las versiones 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Se presentan dos formas principales de protegerse contra esta vulnerabilidad, la más fácil y la mejor es aplicando un parche en la plantilla "registerinline.vm", el parche consiste en comprobar el valor del campo xredirect para asegurarse de que coincide: "(input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" /)". Si por alguna razón no es posible parchear este archivo, otra medida de mitigación es asegurarse de que la opción "Prevent unregistered users from viewing pages, regardless of the page rights" no esté marcada en los derechos y aplicar un mejor esquema de derechos usando grupos y derechos en los espacios

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-01-19 CVE Reserved
  • 2022-02-09 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
<= 12.10.10
Search vendor "Xwiki" for product "Xwiki" and version " <= 12.10.10"
-
Affected
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
>= 13.0 <= 13.4.6
Search vendor "Xwiki" for product "Xwiki" and version " >= 13.0 <= 13.4.6"
-
Affected
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
13.10
Search vendor "Xwiki" for product "Xwiki" and version "13.10"
-
Affected
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
13.10.1
Search vendor "Xwiki" for product "Xwiki" and version "13.10.1"
-
Affected
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
13.10.2
Search vendor "Xwiki" for product "Xwiki" and version "13.10.2"
-
Affected
Xwiki
Search vendor "Xwiki"
Xwiki
Search vendor "Xwiki" for product "Xwiki"
14.0
Search vendor "Xwiki" for product "Xwiki" and version "14.0"
-
Affected