CVE-2023-29520

MEDIUM

Xwiki < 13.10.11 - Improper Exception Handling

Title source: rule

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.

References (2)

[Exploit, Vendor Advisory] https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://jira.xwiki.org/browse/XWIKI-20460

Scores

CVSS v3 4.3

EPSS 0.0027

EPSS Percentile 49.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-755 CWE-248

Status published

Products (2)

org.xwiki.platform/xwiki-platform-localization-source-wiki 4.3-milestone-2 - 13.10.11Maven

xwiki/xwiki < 13.10.11

Published Apr 19, 2023

Tracked Since Feb 18, 2026