XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29506)

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

Remediation

References

CVE-2023-29506

Related Vulnerabilities

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-7135)

Magento CVE-2019-8137 Vulnerability (CVE-2019-8137)

WordPress Plugin All-in-One Custom Backgrounds Lite Unspecified Vulnerability (2.0.2)

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.42)

Severity

Medium

Classification

CVE-2023-29506 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N