CVE-2023-35158

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 23, 2023

Updated: Jun 30, 2023

CWE ID 87

Summary

CVE-2023-35158 is a XSS vulnerability affecting the XWiki Platform, a generic wiki platform. Maliciously crafted URLs with a specific payload can inject JavaScript into a page, exploiting the restore template functionality. Users can potentially trigger this vulnerability by visiting a malicious link, leading to the execution of malicious code. This vulnerability has existed since XWiki 9.4-rc-1 and has been patched in versions 14.10.5 and 15.1-rc-1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rveuzy
https://www.cve.org/CVERecord?id=CVE-2023-35158
https://nvd.nist.gov/vuln/detail/CVE-2023-35158

Back to Vulnerability Database