CVE-2024-43400 — CRITICAL (9.0)

Q: How severe is CVE-2024-43400?

CVE-2024-43400 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-43400?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xwiki	Xwiki	< 14.10.21

Related Weaknesses (CWE)

CWE-79 CWE-96

References

https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5vVendor Advisory
https://jira.xwiki.org/browse/XWIKI-21810Issue TrackingVendor Advisory

FAQ

What is CVE-2024-43400?

CVE-2024-43400 is a vulnerability with a CVSS score of 9.0 (CRITICAL). XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a pag...

How severe is CVE-2024-43400?

CVE-2024-43400 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-43400?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.