XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
References
| Link | Resource |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2 | Vendor Advisory |
| https://jira.xwiki.org/browse/XWIKI-20312 | Issue Tracking, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-16T07:00:43.391Z
Updated: 2023-04-16T07:00:43.391Z
Reserved: 2023-04-07T18:56:54.626Z
Link: CVE-2023-29508
NVD Information
Status: Analyzed
Published: 2023-04-16T08:15:07.513
Modified: 2023-04-26T13:12:45.273
Link: CVE-2023-29508