CVE-2023-29525

CRITICAL

Xwiki < 14.4.8 - Injection

Title source: rule

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file `<xwikiwebapp>/templates/distribution/eventmigration.wiki` to add the missing escaping.

References (4)

Core 4

Core References

Exploit, Patch, Vendor Advisory x_refsource_confirm

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj

Patch x_refsource_misc

https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766

View Patch ZIP pw:eip

Patch x_refsource_misc

https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70

Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc

https://jira.xwiki.org/browse/XWIKI-20287

Scores

CVSS v3 9.9

EPSS 0.2524

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-74

Status published

Products (3)

org.xwiki.platform/xwiki-platform-distribution-war 12.6.1 - 13.10.11Maven

org.xwiki.platform/xwiki-platform-legacy-events-hibernate-ui 14.6-rc-1 - 14.10.3Maven

xwiki/xwiki < 14.4.8

Published Apr 19, 2023

Tracked Since Feb 18, 2026