CVE-2023-29506
MEDIUM
NUCLEI
XWiki < 13.10.11 - XSS
Title source: ruleDescription
XWiki Commons are technical libraries common to several other top-level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
Nuclei Templates (1)
XWiki >= 13.10.8 - Cross-Site Scripting
MEDIUM, VERIFIED, by ritikchaddha
Shodan:
html:"data-xwiki-reference"
FOFA:
body="data-xwiki-reference"
References (3)
Scores
CVSS v3
5.4
EPSS
0.1150
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (4)
org.xwiki.platform/xwiki-platform-security-authentication-default
13.10.8 - 13.10.11 (Maven)
xwiki/xwiki
14.6
xwiki/xwiki
14.10 rc1
xwiki/xwiki
13.10.8 - 13.10.11
Published
Apr 16, 2023
Tracked Since
Feb 18, 2026