What is the severity of CVE-2023-29206?

The severity of CVE-2023-29206 is critical with a score of 5.4.

How does CVE-2023-29206 impact XWiki?

CVE-2023-29206 allows a user with Edit Right to create a JavaScript xobject or StyleSheet xobject and craft a script, posing a security risk.

Which software versions are affected by CVE-2023-29206?

Versions 3.0 to 14.8 of XWiki are affected by CVE-2023-29206.

How can CVE-2023-29206 be mitigated?

To mitigate CVE-2023-29206, it is recommended to update XWiki to a version that includes the fix provided in the referenced commit or advisory.

Where can I find more information about CVE-2023-29206?

More information about CVE-2023-29206 can be found in the linked references.

Vulnerability/
CVE-2023-29206

critical

CWE

15/4/2023

29/9/2023

CVE-2023-29206: XSS

First published: Sat Apr 15 2023(Updated: )

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Xwiki Xwiki	>3.0<=14.8
Xwiki Xwiki	=3.0
Xwiki Xwiki	=3.0-milestone_2
Xwiki Xwiki	=3.0-milestone3
Xwiki Xwiki	=3.0-rc1

Remedy

https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb

Remedy

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-29206?
The severity of CVE-2023-29206 is critical with a score of 5.4.
How does CVE-2023-29206 impact XWiki?
CVE-2023-29206 allows a user with Edit Right to create a JavaScript xobject or StyleSheet xobject and craft a script, posing a security risk.
Which software versions are affected by CVE-2023-29206?
Versions 3.0 to 14.8 of XWiki are affected by CVE-2023-29206.
How can CVE-2023-29206 be mitigated?
To mitigate CVE-2023-29206, it is recommended to update XWiki to a version that includes the fix provided in the referenced commit or advisory.
Where can I find more information about CVE-2023-29206?
More information about CVE-2023-29206 can be found in the linked references.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-api
collector/nvd-index
vendor/xwiki
canonical/xwiki xwiki
version/xwiki xwiki/14.8
version/xwiki xwiki/3.0
version/xwiki xwiki/3.0-milestone_2
version/xwiki xwiki/3.0-milestone3
version/xwiki xwiki/3.0-rc1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.