CVE-2023-29520
MEDIUMXWiki < 13.10.11 - Denial of Service via Corrupted Translation Document
Title source: llmDescription
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://jira.xwiki.org/browse/XWIKI-20460
Scores
CVSS v3
4.3
EPSS
0.0053
EPSS Percentile
40.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-755
CWE-248
Status
published
Products (2)
org.xwiki.platform/xwiki-platform-localization-source-wiki
4.3-milestone-2 - 13.10.11Maven
xwiki/xwiki
< 13.10.11
Published
Apr 19, 2023
Tracked Since
Feb 18, 2026