CVE-2023-35159

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 23, 2023

Updated: Jun 30, 2023

CWE ID 87

CWE ID 79

Summary

CVE-2023-35159 is a cross-site scripting (XSS) vulnerability affecting the XWiki Platform, a generic wiki solution. Malicious users can exploit this issue by crafting a URL with a payload to inject JavaScript into a page. The vulnerability is particularly dangerous when used with the "deletespace" template, allowing attackers to execute scripts such as "javascript:alert(document.domain)" through the XWIki interface. This vulnerability has existed since XWiki 3.4-milestone-1 and has been patched in versions 14.10.5 and 15.1-rc-1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rvep_X
https://www.cve.org/CVERecord?id=CVE-2023-35159
https://nvd.nist.gov/vuln/detail/CVE-2023-35159

Back to Vulnerability Database