CVE-2023-29506

Summary

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 13.10.8, < 13.10.11affected
xwikixwiki-platform>= 14.4.3, < 14.4.7affected
xwikixwiki-platform>= 14.6, < 14.10affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References