CVE-2023-29506

Source
https://cve.org/CVERecord?id=CVE-2023-29506
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29506.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29506
Aliases
Published
2023-04-16T06:49:51.376Z
Modified
2026-02-19T01:40:18.005866Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints
Details

XWiki Commons are technical libraries common to several other top-level XWiki projects. It was possible to inject code through the URL of authenticated endpoints (cross-site scripting, CWE-79). This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29506.json"
}
References

Affected packages

Git / github.com/xwiki/xwiki-commons

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29506.json"

Git / github.com/xwiki/xwiki-platform

Affected ranges

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29506.json"