XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
References
Link | Resource |
---|---|
https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c | Patch |
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v | Vendor Advisory |
https://jira.xwiki.org/browse/XWIKI-21810 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Aug 2024, 16:10
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Xwiki
Xwiki xwiki |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* | |
References | () https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c - Patch | |
References | () https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v - Vendor Advisory | |
References | () https://jira.xwiki.org/browse/XWIKI-21810 - Issue Tracking, Vendor Advisory |
19 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-19 17:15
Updated : 2024-08-20 16:10
NVD link : CVE-2024-43400
Mitre link : CVE-2024-43400
CVE.ORG link : CVE-2024-43400
JSON object : View
Products Affected
xwiki
- xwiki