Client Application Firewall

XWiki.org.XWiki.importinline.Reflected.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in XWiki.org XWiki.
This vulnerability is due to improper input validation of the editor and section parameters for the importinline view. A remote attacker could exploit this vulnerability by enticing a victim to open a crafted link. Successfully exploiting this vulnerability could result in arbitrary code execution in the context of the victim's browser.
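
The following log triage script is an added example, not part of the original advisory or of XWiki's code: it flags access-log requests that reference importinline and carry editor or section values outside an expected shape. The URL layouts, the allowlist patterns and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed shapes of legitimate values; tune to your deployment.
EXPECTED = {
    "editor": re.compile(r"[A-Za-z]{1,32}"),
    "section": re.compile(r"\d{1,4}"),
}
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (hypothetical URL layouts, inert <x> marker).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /xwiki/bin/view/Main/?xpage=importinline&editor=wiki&section=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /xwiki/bin/view/Main/?xpage=importinline&editor=%22%3E%3Cx%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /xwiki/bin/importinline/Main/WebHome?section=1%3Cx%3E HTTP/1.1" 200 5342',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /xwiki/bin/view/Main/?editor=%3Cx%3E HTTP/1.1" 200 900',
]


def suspicious_params(target):
    """Names of editor/section parameters whose decoded value is unexpected,
    for requests that reference importinline; empty list otherwise."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)  # values are percent-decoded once
    refs = [unquote(parts.path)] + [v for vals in query.values() for v in vals]
    if not any("importinline" in r.lower() for r in refs):
        return []
    return [
        name for name, pattern in EXPECTED.items()
        if any(not pattern.fullmatch(v) for v in query.get(name, []))
    ]


def scan(lines):
    """Return (line_number, [parameter names]) for each flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected value in {', '.join(hits)}")
```

A hit only shows that a request matched the pattern; whether the instance was affected depends on the installed version listed under Affected Products.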

Affected Products

XWiki.org XWiki 14.4.x prior to 14.4.8
XWiki.org XWiki prior to 14.10.4
XWiki.org XWiki prior to 15.0-rc-1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm