Vulnerability Description
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 5.0, <= 14.5 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dcPatch
- https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f372Patch
- https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35jExploitPatchVendor Advisory
- https://jira.xwiki.org/browse/XCOMMONS-1680ExploitIssue Tracking
- https://jira.xwiki.org/browse/XCOMMONS-2426ExploitIssue Tracking
- https://jira.xwiki.org/browse/XWIKI-9118ExploitIssue Tracking
- https://github.com/xwiki/xwiki-commons/commit/4a185e0594d90cd4916d60aa60bb4333dcPatch
- https://github.com/xwiki/xwiki-commons/commit/b11eae9d82cb53f32962056b5faa73f372Patch
- https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-m3jr-cvhj-f35jExploitPatchVendor Advisory
- https://jira.xwiki.org/browse/XCOMMONS-1680ExploitIssue Tracking
- https://jira.xwiki.org/browse/XCOMMONS-2426ExploitIssue Tracking
- https://jira.xwiki.org/browse/XWIKI-9118ExploitIssue Tracking
FAQ
What is CVE-2023-29201?
CVE-2023-29201 is a vulnerability with a CVSS score of 9.0 (CRITICAL). XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script...
How severe is CVE-2023-29201?
CVE-2023-29201 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-29201?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.