WEB APPLICATION VULNERABILITIES Standard & Premium

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29508)

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Unspecified Vulnerability (2.4.3)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7937)

Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2017-18214)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2156)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.15)

Severity

Medium

Classification

CVE-2023-29508 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities