CVE-2023-35161
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2023-35161 is a cross-site scripting (XSS) vulnerability affecting the XWiki Platform, a widely used wiki solution. An attacker can exploit this flaw by crafting a malicious URL whose payload injects JavaScript code into the page. Specifically, the DeleteApplication page is susceptible: the attack is carried out when a user visits a specially crafted URL, such as "xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)". The vulnerability, which allows attackers to steal sensitive data or perform other malicious actions, has existed since XWiki 6.2-milestone-1. It has been addressed by patches released in XWiki 14.10.5 and 15.1-rc-1.
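A log check for the request pattern described above, added here as an example and not part of the original advisory or of XWiki's code: it flags DeleteApplication requests whose xredirect value resolves to a scheme other than http, https or a relative path. The access-log format, the scheme allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Page path and parameter name come from the advisory's example URL.
TARGET_PATH = "/bin/view/AppWithinMinutes/DeleteApplication"
SAFE_SCHEMES = {"", "http", "https"}  # "" means a relative redirect target (assumed allowlist)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in an assumed combined-log-style format.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2023:10:00:00 +0000] "GET /xwiki/bin/view/AppWithinMinutes/'
    'DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)'
    ' HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2023:10:01:00 +0000] "GET /xwiki/bin/view/AppWithinMinutes/'
    'DeleteApplication?appName=Menu&xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Jul/2023:10:02:00 +0000] "GET /xwiki/bin/view/AppWithinMinutes/'
    'DeleteApplication?appName=Menu&xredirect=%4AaVaScRiPt%3Aalert(document.domain)'
    ' HTTP/1.1" 200 512',
]

def redirect_scheme(value):
    """Return the lower-cased URL scheme of a redirect target, "" if relative."""
    for _ in range(3):  # undo nested percent-encoding, bounded
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Browsers drop tab/CR/LF inside a URL and ignore leading control chars and spaces.
    value = re.sub(r"^[\x00-\x20]+", "", re.sub(r"[\t\r\n]", "", value))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", value)
    return m.group(1).lower() if m else ""

def suspicious_requests(log_lines):
    """Return (client_ip, scheme) for DeleteApplication hits with a non-allowlisted xredirect."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(TARGET_PATH):
            continue
        for value in parse_qs(url.query).get("xredirect", []):
            scheme = redirect_scheme(value)
            if scheme not in SAFE_SCHEMES:
                hits.append((line.split()[0], scheme))
    return hits
```

Calling `suspicious_requests(SAMPLE_LOG)` returns the two constructed requests that carry a `javascript:` redirect target and skips the relative one.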
Affected Products
- Xwiki
Affected Vendors
- xwiki