CVE-2023-29506: RXSS with authenticate endpoints

XWiki Commons are technical libraries common to several other top-level XWiki projects. It was possible to inject script into the page through the URL of the authenticate endpoints (a reflected XSS). This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.


Package

maven org.xwiki.platform:xwiki-platform-security-authentication-default (Maven)

Affected versions

>= 13.10.8, < 13.10.11

>= 14.4.3, < 14.4.7

>= 14.6, < 14.10

Patched versions

13.10.11

14.4.7

14.10

Impact

It was possible to inject script through the URL of the authenticate endpoints: the wiki name taken from the URL path was reflected into the HTML response without escaping, so a double quote in that path segment closes the surrounding attribute value and the remainder of the segment is rendered as new attributes. For example:

https://hostname/xwiki/authenticate/wiki/xwiki%22onload=%22alert(origin)%22/resetpassword

Here %22 decodes to a double quote, so the reflected wiki name becomes xwiki"onload="alert(origin)" and the onload handler runs in the victim's browser when the link is opened.

This vulnerability was present in recent versions of XWiki:

  • 13.10.8+
  • 14.4.3+
  • 14.6+
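The attribute breakout shown in the URL above, as an added illustration that is not XWiki's own code: a hypothetical handler that reflects the wiki name from an authenticate URL into a double-quoted HTML attribute, once unescaped and once with attribute-safe escaping, plus a check over constructed access-log lines for the same indicator. The HTML template, the handler functions and the log lines are assumptions made for this example.

```python
"""Reflected-XSS pattern from the advisory, modelled outside XWiki.

Added example, not XWiki code. The template, handlers and log lines are
constructed for illustration; only the payload URL comes from the advisory.
"""
import re
from html import escape
from urllib.parse import unquote, urlsplit

# Payload URL quoted in the advisory.
PAYLOAD_URL = (
    "https://hostname/xwiki/authenticate/wiki/"
    "xwiki%22onload=%22alert(origin)%22/resetpassword"
)

# Hypothetical template: the wiki name lands inside double-quoted attributes.
TEMPLATE = '<form action="/xwiki/bin/{action}/{wiki}" data-wiki="{wiki}"></form>'


def wiki_segment(url: str) -> tuple[str, str]:
    """Return (wiki, action) from .../authenticate/wiki/<wiki>/<action>, URL-decoded."""
    path = urlsplit(url).path
    m = re.search(r"/authenticate/wiki/([^/]+)/([^/]+)$", path)
    if not m:
        raise ValueError("not an authenticate endpoint URL")
    return unquote(m.group(1)), unquote(m.group(2))


def render_vulnerable(url: str) -> str:
    """Vulnerable pattern: the decoded path segment is interpolated verbatim."""
    wiki, action = wiki_segment(url)
    return TEMPLATE.format(action=action, wiki=wiki)


def render_fixed(url: str) -> str:
    """Hardened pattern: escape for an attribute context (quote=True turns " into &quot;)."""
    wiki, action = wiki_segment(url)
    return TEMPLATE.format(action=escape(action, quote=True),
                           wiki=escape(wiki, quote=True))


def has_attribute_breakout(html: str) -> bool:
    """True when an on* event handler name directly follows a closing quote,
    i.e. the injected text escaped the attribute value it was placed in."""
    return re.search(r'"\s*on\w+\s*=', html) is not None


# Constructed access-log lines: one benign request, one carrying the payload.
LOG_LINES = [
    '10.0.0.5 - - [01/Mar/2023:10:00:00 +0000] '
    '"GET /xwiki/authenticate/wiki/xwiki/resetpassword HTTP/1.1" 200 1234',
    '10.0.0.9 - - [01/Mar/2023:10:00:01 +0000] '
    '"GET /xwiki/authenticate/wiki/xwiki%22onload=%22alert(origin)%22/resetpassword HTTP/1.1" 200 1290',
]


def suspicious_authenticate_requests(lines: list[str]) -> list[str]:
    """Return request paths hitting /authenticate/ whose decoded path contains
    characters that can break out of HTML (quotes or angle brackets)."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        raw_path = m.group(1)
        decoded = unquote(raw_path.split("?", 1)[0])
        if "/authenticate/" in decoded and re.search(r'["\'<>]', decoded):
            hits.append(raw_path)
    return hits


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD_URL))
    print("fixed:     ", render_fixed(PAYLOAD_URL))
    print("log hits:  ", suspicious_authenticate_requests(LOG_LINES))
```

The vulnerable rendering contains a live onload= attribute; the escaped rendering keeps the same text inert as &quot;onload=&quot;. The log check decodes the path before matching, since the indicator in the advisory's URL is percent-encoded on the wire.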

Patches

This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.

Workarounds

There is no easy workaround except to upgrade.

References

  • https://jira.xwiki.org/browse/XWIKI-20335
  • https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380

For more information

If you have any questions or comments about this advisory:

  • Open an issue in Jira (https://jira.xwiki.org)
  • Email the XWiki security mailing list

Related news

GHSA-jjm5-5v9v-7hx2: org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints

