CVE-2023-29508
HIGH
XWiki < 13.10.11 - Stored Cross-Site Scripting via Live Data Macro
Title source: llm
Description
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.xwiki.org/browse/XWIKI-20312
Scores
CVSS v3
8.9
EPSS
0.0444
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-80
CWE-79
Status
published
Products (3)
org.xwiki.platform/xwiki-platform-livedata-macro
13.10.10 - 13.10.11
Maven
xwiki/xwiki
14.10 rc1
xwiki/xwiki
< 13.10.11
Published
Apr 16, 2023
Tracked Since
Feb 18, 2026