CVE-2023-35153

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 23, 2023
Updated: Jun 30, 2023
CWE ID 79
CWE ID 80

Summary

CVE-2023-35153 is a stored cross-site scripting (XSS) vulnerability affecting XWiki Platform, a popular wiki solution. This issue, which exists in versions 5.4.4 and earlier, allows a user with edit rights to add an `AppWithinMinutes.FormFieldCategoryClass` class on a page and set the payload as the page title. The payload then executes in the browser of any user who visits `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet`. This vulnerability has been patched in XWiki versions 14.4.8, 14.10.4, and 15.0. As a temporary workaround, users can apply a patch to `AppWithinMinutes.ClassEditSheet`.
