Headline
CVE-2023-45138: XSS through title of change request
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it’s possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Requests are meant to be created by users without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It’s possible to work around the issue without upgrading by editing the document ChangeRequest.Code.ChangeRequestSheet and by performing the same change as in the fix commit.
**Type:** Bug
Resolution: Fixed
**Priority:** Blocker
Affects Version/s: 0.11
Component/s: None
It’s possible to exploit the title of CR to perform injection.
Reproduction step:
- Create a new CR with a title {{/html asyncgroovy}}println(“Hello from groovy!”){{/groovy/async}}
- With admin user go to see that CR
Expected result:
- the title should not be executed
Obtained result:
- the title is executed in the sheet of the CR
Is caused by: CRAPP-64 Authors without edit rights should be able to edit title of CR (Closed)
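A triage helper for the advisory above, added here as an example and not code from the Change Request project: it checks whether an installed version falls in the affected range (0.11 up to, but not including, 1.9.2) and flags stored Change Request titles that contain XWiki macro markers so they can be reviewed. The function names, the sample titles and the conservative treatment of 1.9.2 pre-releases are assumptions.

```python
import re

# Affected range stated in the advisory: 0.11 <= version < 1.9.2
FIRST_AFFECTED = (0, 11, 0)
FIRST_FIXED = (1, 9, 2)

# Opening or closing macro markers such as {{groovy}} or {{/html}}
MACRO_MARKER = re.compile(r"\{\{\s*/?\s*[A-Za-z]")


def parse_version(text):
    """Split '1.9.1' or '1.9.2-rc-1' into (numeric tuple, is_prerelease)."""
    core, _, qualifier = text.strip().partition("-")
    numbers = tuple(int(part) for part in core.split("."))
    # Pad to three components so (0, 11) compares like (0, 11, 0).
    numbers += (0,) * (3 - len(numbers))
    return numbers, bool(qualifier)


def is_affected(version):
    """True when the installed Change Request version needs the fix."""
    numbers, prerelease = parse_version(version)
    if numbers < FIRST_AFFECTED:
        return False
    if numbers < FIRST_FIXED:
        return True
    # Assumption: a pre-release build of 1.9.2 may predate the fix commit,
    # so it is conservatively reported as affected.
    return numbers == FIRST_FIXED and prerelease


def suspicious_titles(titles):
    """Return the titles that contain macro-style markers."""
    return [title for title in titles if MACRO_MARKER.search(title)]


if __name__ == "__main__":
    # Constructed sample data, e.g. titles exported from the wiki for review.
    sample_titles = [
        "Fix typo on the Sandbox page",
        "{{/html}} {{info}}note{{/info}} FAQ update",
        "Add {curly} braces section",
    ]
    for version in ("0.10", "0.11", "1.9.1", "1.9.2-rc-1", "1.9.2"):
        print(version, "affected" if is_affected(version) else "not affected")
    for title in suspicious_titles(sample_titles):
        print("review title:", title)
```

A flagged title is only a prompt for manual review; upgrading to 1.9.2 or applying the fix commit to `ChangeRequest.Code.ChangeRequestSheet` is what removes the exposure.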
Related news
### Impact

It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights.

### Patches

The vulnerability has been fixed in Change Request 1.9.2.

### Workarounds

It's possible to workaround the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the commit: https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4.

### References

* JIRA ticket: https://jira.xwiki.org/browse/CRAPP-298
* Commit of the fix: https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [J...