CVSS Score of 10 (low)


Published Jun 23, 2023
Updated: Jun 30, 2023


CVE-2023-34464 is a vulnerability affecting XWiki Platform versions 2.2.1 to 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates. The vulnerability allows any user with document editing rights in a wiki, such as the user profile, to create a stored cross-site scripting attack by inserting HTML code into a document and tricking another user into visiting that document with the 'displaycontent' or 'rendercontent' template and plain output syntax. If a user with programming rights falls for this trick and visits the URL, the attacker can perform arbitrary actions using that user's privileges, potentially compromising the confidentiality, integrity, and availability of the entire XWiki installation. The issue has been resolved in XWiki versions 14.4.8, 14.10.5, and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not valid HTML to prevent exploitation. Note: The information provided above is based on the given text description and may not represent the complete details or latest updates about the vulnerability.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-34464 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options