Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 09/05/2023 Updated: 16/05/2023

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

VMScore: 0

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xwiki xwiki

CWE-79 https://jira.xwiki.org/browse/XCOMMONS-2606 https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-pv7v-ph6g-3gxv https://github.com/xwiki/xwiki-commons/commit/0b8e9c45b7e7457043938f35265b2aa5adc76a68 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-31126

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect