GHSA-4wc6-hqv9-qc97

Source

https://github.com/advisories/GHSA-4wc6-hqv9-qc97

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-4wc6-hqv9-qc97/GHSA-4wc6-hqv9-qc97.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4wc6-hqv9-qc97

Aliases

CVE-2023-35153

Published

2023-06-20T16:47:13Z

Modified

2023-11-08T04:12:50.377008Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

Details

Impact

A stored XSS can be exploited by users with edit rights by adding a AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title. Then, any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload.

See https://jira.xwiki.org/browse/XWIKI-20365 for me details.

Patches

The issue has been patched on XWiki 14.4.8, 14.10.4, and 15.0 ?

Workarounds

The issue can be fixed by updating AppWithinMinutes.ClassEditSheet with this patch.

References

https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302
https://jira.xwiki.org/browse/XWIKI-20365

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

Attribution

This vulnerability has been reported on Intigriti by René de Sain @renniepak.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79",
        "CWE-80"
    ],
    "github_reviewed_at": "2023-06-20T16:47:13Z",
    "nvd_published_at": "2023-06-23T18:15:13Z",
    "severity": "CRITICAL"
}

References

Affected packages

Maven

org.xwiki.platform:xwiki-platform-appwithinminutes-ui

Package

Name: org.xwiki.platform:xwiki-platform-appwithinminutes-ui; View open source insights on deps.dev
Purl: pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.4

Fixed

14.4.8

org.xwiki.platform:xwiki-platform-appwithinminutes-ui

Package

Name: org.xwiki.platform:xwiki-platform-appwithinminutes-ui; View open source insights on deps.dev
Purl: pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14.5

Fixed

14.10.4

org.xwiki.platform:xwiki-platform-appwithinminutes-ui

Package

Name: org.xwiki.platform:xwiki-platform-appwithinminutes-ui; View open source insights on deps.dev
Purl: pkg:maven/org.xwiki.platform/xwiki-platform-appwithinminutes-ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0-rc-1

Fixed

15.0