CVE-2023-29204

MEDIUM NUCLEI

XWiki - Open Redirect

Title source: llm

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Nuclei Templates (1)

XWiki - Open Redirect

MEDIUMby ritikchaddha

Shodan: html:"data-xwiki-reference"

FOFA: body="data-xwiki-reference"

References (4)

[Patch] https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf

View Patch ZIP pw:eip

[Exploit, Patch, Vendor Advisory] https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv

[Exploit, Issue Tracking] https://jira.xwiki.org/browse/XWIKI-10309

[Exploit, Issue Tracking] https://jira.xwiki.org/browse/XWIKI-19994

Scores

CVSS v3 4.7

EPSS 0.0102

EPSS Percentile 77.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Details

CWE

CWE-601

Status published

Products (3)

org.xwiki.platform/xwiki-platform-oldcore 6.0-rc-1 - 13.10.10Maven

xwiki/xwiki 6.0 rc1

xwiki/xwiki 6.0 - 13.10.10

Published Apr 15, 2023

Tracked Since Feb 18, 2026