Description
XWiki Commons is a set of technical libraries shared by several other top-level XWiki projects. It was possible to bypass the existing security measures put in place to prevent open redirects by using a redirect target such as `//mydomain.com` (i.e. a protocol-relative URL that omits the `http:` scheme). It was also possible to bypass them with a URL such as `http:/mydomain.com` (a single slash after the scheme, which browsers still resolve to an external host). The problem has been patched in XWiki 13.10.10, 14.4.4 and 14.8RC1.
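The two bypass shapes named above both defeat a validator that only looks for an absolute `http://` or `https://` prefix. The example below is an added illustration and is not XWiki's code: `naive_is_safe` is a constructed stand-in for that class of check, and `hardened_is_safe` shows a redirect-target validator that parses the URL and rejects anything with a foreign or missing authority component. The host name `wiki.example` and the sample targets are constructed values.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "wiki.example"  # constructed: the site's own host


def naive_is_safe(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Constructed example of a weak check: it only inspects targets that
    start with an explicit http:// or https:// prefix and treats everything
    else as a harmless relative path."""
    if target.startswith("http://") or target.startswith("https://"):
        return urlsplit(target).hostname == allowed_host
    return True  # "//host" and "http:/host" slip through here


def hardened_is_safe(target: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Accept only same-site absolute URLs or plain local paths.

    Rules applied, in order:
      1. empty targets, control characters and backslashes are rejected
         (browsers normalise '\\' to '/', so '/\\host' would be off-site);
      2. if a scheme is present it must be http(s) AND the URL must carry
         a real authority ('//host') whose host matches ours; this rejects
         'http:/host' and 'http:host', which browsers still resolve to
         an external host;
      3. a scheme-less target with an authority ('//host/...') is rejected;
      4. what remains must be a path starting with exactly one '/'.
    """
    if not target:
        return False
    t = target.strip()
    if any(ord(c) < 0x20 or c == "\\" for c in t):
        return False
    parts = urlsplit(t)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return bool(parts.netloc) and parts.hostname == allowed_host
    if parts.netloc:
        return False  # protocol-relative URL: '//host/...'
    return t.startswith("/") and not t.startswith("//")


def compare(target: str) -> dict:
    """Return both verdicts for one target, handy for a quick audit table."""
    return {"naive": naive_is_safe(target), "hardened": hardened_is_safe(target)}


if __name__ == "__main__":
    # Constructed sample targets: the two bypasses from the advisory, a
    # same-site URL, a local path and an overt off-site URL.
    for sample in ("//mydomain.com", "http:/mydomain.com",
                   "https://wiki.example/bin/view/Main", "/bin/view/Main",
                   "https://mydomain.com/"):
        print(f"{sample:40} {compare(sample)}")
```

The hardened check deliberately keys on the presence of a `netloc` rather than on string prefixes: `urlsplit("//mydomain.com")` yields an empty scheme with a non-empty authority, and `urlsplit("http:/mydomain.com")` yields a scheme with an empty authority, and both cases are rejected for exactly that reason.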
Remediation
References