Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq
Patch, Third Party Advisory x_refsource_misc
https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5
Patch, Vendor Advisory x_refsource_misc
https://jira.xwiki.org/browse/XWIKI-18819
Scores
CVSS v3
6.8
EPSS
0.0031
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-116
Status
published
Products (2)
org.xwiki.platform/xwiki-platform-skin-skinx
6.2-rc-1 - 13.6Maven
xwiki/xwiki
< 13.6
Published
Feb 09, 2022
Tracked Since
Feb 18, 2026