Cross-Site Scripting Vulnerability in XWiki Platform by XWiki
CVE-2024-43400

5.4 MEDIUM

Key Information:

Vendor: Xwiki
Status
Vendor
CVE Published: 19 August 2024

Summary

The XWiki Platform, a widely used generic wiki, is vulnerable to cross-site scripting (XSS) that allows unauthorized users to create URLs embedding malicious JavaScript. Using social engineering, an attacker can deceive a user into clicking such a link, potentially compromising the user's data or affecting platform integrity. The vulnerability has been fixed in later releases; users are encouraged to upgrade to version 14.10.21, 15.5.5, 15.10.6, or 16.0.0 to mitigate the risk.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published