CVE-2022-23622

Cross site scripting in registration template in xwiki-platform

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and apply a better right scheme using groups and rights on spaces.

XWiki Platform es una plataforma wiki genérica que ofrece servicios de ejecución para las aplicaciones construidas sobre ella. En las versiones afectadas se presenta un vector de tipo cross site scripting (XSS) en la plantilla "registerinline.vm" relacionado con el campo oculto "xredirect". Esta plantilla sólo es usada en las siguientes condiciones 1. El wiki debe estar abierto al registro para cualquiera. 2. El wiki debe estar cerrado a la visualización para usuarios invitados o, más concretamente, la página XWiki.Registration debe estar prohibida en View para usuarios invitados. Una forma de obtener la segunda condición es cuando los administradores marcan la casilla "Prevent unregistered users from viewing pages, regardless of the page rights" en los derechos de administración. Este problema está parcheado en las versiones 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Se presentan dos formas principales de protegerse contra esta vulnerabilidad, la más fácil y la mejor es aplicando un parche en la plantilla "registerinline.vm", el parche consiste en comprobar el valor del campo xredirect para asegurarse de que coincide: "(input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" /)". Si por alguna razón no es posible parchear este archivo, otra medida de mitigación es asegurarse de que la opción "Prevent unregistered users from viewing pages, regardless of the page rights" no esté marcada en los derechos y aplicar un mejor esquema de derechos usando grupos y derechos en los espacios

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-02-09 CVE Published
2024-08-03 CVE Updated
2024-09-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (3)

URL	Tag	Source
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9	2022-02-15
https://jira.xwiki.org/browse/XWIKI-19291	2022-02-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				<= 12.10.10 Search vendor "Xwiki" for product "Xwiki" and version " <= 12.10.10"		-		Affected
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				>= 13.0 <= 13.4.6 Search vendor "Xwiki" for product "Xwiki" and version " >= 13.0 <= 13.4.6"		-		Affected
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				13.10 Search vendor "Xwiki" for product "Xwiki" and version "13.10"		-		Affected
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				13.10.1 Search vendor "Xwiki" for product "Xwiki" and version "13.10.1"		-		Affected
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				13.10.2 Search vendor "Xwiki" for product "Xwiki" and version "13.10.2"		-		Affected
Xwiki Search vendor "Xwiki"		Xwiki Search vendor "Xwiki" for product "Xwiki"				14.0 Search vendor "Xwiki" for product "Xwiki" and version "14.0"		-		Affected