CVE-2023-29508

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-29508

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29508.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29508

Aliases

GHSA-hmm7-6ph9-8jf2

Published

2023-04-16T08:15:07Z

Modified

2024-09-02T20:55:30Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d72461ba6976af6005e2df511bdeeeb17ef2d74

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08e0887f0362b21614e6bfcb5be7e1f568659c41