CVE-2023-32071: XWiki Platform vulnerable to RXSS via editor parameter - importinline template
First published: Tue May 09 2023(Updated: )
### Impact It's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. To reproduce: * add an attachment to a page (for example, your user profile) * add `?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E` to the page view URL as in `https://myhost/xwiki/bin/view/XWiki/MyUser?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E` ### Patches This has been patched in XWiki 15.0-rc-1, 14.10.4 and 14.4.8. ### Workarounds The easiest is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described on https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01 ### References https://jira.xwiki.org/browse/XWIKI-20340 https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK ### Attribution This vulnerability has been reported on Intigriti by René de Sain @renniepak.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xwiki Xwiki | >=2.3<14.4.8 | |
| Xwiki Xwiki | >=14.5.0<14.10.4 | |
| Xwiki Xwiki | =2.2-milestone1 | |
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=14.5<14.10.4 | 14.10.4 |
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=2.2-milestone-1<14.4.8 | 14.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK
- https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm
- https://jira.xwiki.org/browse/XWIKI-20340
- https://nvd.nist.gov/vuln/detail/CVE-2023-32071
- https://github.com/advisories/GHSA-j9h5-vcgv-2jfm (Advisory)
Frequently Asked Questions
What is CVE-2023-32071?
CVE-2023-32071 is a vulnerability in XWiki Platform, a generic wiki platform.
What is the severity of CVE-2023-32071?
CVE-2023-32071 has a severity level of critical.
How does CVE-2023-32071 affect XWiki Platform?
CVE-2023-32071 allows an attacker to execute JavaScript with the rights of any user by directing them to a special URL on the wiki that targets a page with an attachment.
Which versions of XWiki Platform are affected by CVE-2023-32071?
Versions 2.2-milestone-1 to 14.4.8, 14.10.4, and 15.0-rc-1 of XWiki Platform are affected by CVE-2023-32071.
How can I fix CVE-2023-32071?
To fix CVE-2023-32071, it is recommended to upgrade XWiki Platform to versions 14.4.8, 14.10.4, or 15.0-rc-1.
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-j9h5-vcgv-2jfm
- alias/CVE-2023-32071
- collector/nvd-cve
- collector/github-advisory
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/xwiki
- canonical/xwiki xwiki
- version/xwiki xwiki/2.3
- version/xwiki xwiki/14.5.0
- version/xwiki xwiki/2.2-milestone1
- package-manager/maven