CVE-2023-40176
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-40176 is a stored cross-site scripting (XSS) vulnerability in XWiki Platform, a widely used wiki platform. Any user who can edit their own profile can exploit it through the time zone preference: the preference is presented as a dropdown list, but the server neither validates the submitted value against the list of time zones nor escapes it when rendering, so an attacker can set it to an arbitrary string by manipulating the form (for example with JavaScript in the browser or by editing the request URL). The stored payload is then rendered unescaped wherever the profile is shown to other users, and the script executes in those users' sessions, which can lead to information theft and privilege escalation. The issue has been present since version 4.1M2 and is fixed in versions 14.10.5 and 15.1RC1.
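The pattern behind this class of bug, as an added example that is not XWiki code: a browser-side dropdown restricts nothing, because the server sees only the submitted string. The script below models a profile store in plain Python with the vulnerable behaviour (accept and render verbatim) next to the hardened one (server-side allowlist of canonical zone IDs plus HTML escaping on output). The class names, the `render` layout and the payload are constructed for illustration and assume the system has tzdata available to `zoneinfo`.

```python
"""Added example (not XWiki code): why a <select> is not server-side validation.

Models the CVE-2023-40176 pattern: a time zone preference accepted verbatim and
interpolated raw into HTML, versus one checked against an allowlist of zone IDs
and HTML-escaped on output. All names and inputs are constructed for this demo.
"""
from html import escape
from zoneinfo import available_timezones

# Constructed attacker input: what the form can carry once the browser-side
# dropdown is bypassed (devtools, an edited request URL, or curl).
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

# Canonical IANA zone IDs from the system tzdata (e.g. "Europe/Paris", "UTC");
# this is the same set a correct dropdown would be generated from.
VALID_ZONES = available_timezones()
DEFAULT_ZONE = "UTC"


class VulnerableProfile:
    """Stores whatever the client sent and renders it unescaped."""

    def __init__(self) -> None:
        self.timezone = DEFAULT_ZONE

    def set_timezone(self, submitted: str) -> bool:
        self.timezone = submitted  # no check: the UI dropdown was the only "validation"
        return True

    def render(self) -> str:
        # Raw string interpolation into markup: the stored payload becomes live HTML
        return f"<li>Time zone: {self.timezone}</li>"


class HardenedProfile:
    """Rejects values outside the allowlist and escapes on output (defence in depth)."""

    def __init__(self) -> None:
        self.timezone = DEFAULT_ZONE

    def set_timezone(self, submitted: str) -> bool:
        # Layer 1: server-side allowlist, independent of what the form offered.
        if submitted not in VALID_ZONES:
            return False  # keep the previous value; caller can report a 400
        self.timezone = submitted
        return True

    def render(self) -> str:
        # Layer 2: contextual output encoding, so even a value that slipped
        # past validation (legacy data, another write path) cannot run as script.
        return f"<li>Time zone: {escape(self.timezone, quote=True)}</li>"


def demo() -> dict:
    """Returns the rendered HTML of both variants after the same submission."""
    vulnerable, hardened = VulnerableProfile(), HardenedProfile()
    vulnerable.set_timezone(PAYLOAD)
    accepted = hardened.set_timezone(PAYLOAD)
    return {
        "vulnerable_html": vulnerable.render(),
        "hardened_accepted": accepted,
        "hardened_html": hardened.render(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both layers matter: the allowlist stops the payload from ever being stored, and the output escaping means a value reaching the template through any other path (an older record written before the fix, an import, an API that skipped the check) still renders as text rather than markup.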
Affected Products
- Xwiki
Affected Vendors
- xwiki