CVE-2023-45134

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Oct 25, 2023
Updated: Nov 2, 2023
CWE ID 79

Summary

CVE-2023-45134 is a cross-site scripting (XSS) vulnerability in XWiki Platform. The vulnerable versions are org.xwiki.platform:xwiki-platform-web prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and org.xwiki.platform:xwiki-web-standard prior to version 3.1-milestone-1.

An attacker can create a malicious template provider on any document within the wiki, including the attacker's own user profile. When that template provider is selected during document creation, the malicious code executes, potentially leading to arbitrary actions with the rights of the user creating the document.

To remediate this vulnerability, update XWiki Platform to a version that is not affected by this issue. The vulnerability has a base severity of CRITICAL with a CVSS score of 9.0 and poses a high risk to organizations because of its potential impact on the confidentiality and integrity of data.
