XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29506)

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

Remediation

References

CVE-2023-29506

Related Vulnerabilities

WebLogic CVE-2018-11039 Vulnerability (CVE-2018-11039)

Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)

MySQL CVE-2019-2796 Vulnerability (CVE-2019-2796)

WordPress Plugin Safe SVG Denial of Service (1.9.4)

WordPress Plugin Complianz-GDPR/CCPA Cookie Consent Cross-Site Scripting (5.5.2)

Severity

Medium

Classification

CVE-2023-29506 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N