CVE-2023-50720

MEDIUM NUCLEI

Xwiki < 14.10.5 - Information Disclosure

Title source: rule

Description

XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.

Nuclei Templates (1)

XWiki < 4.10.15 - Email Disclosure
MEDIUMVERIFIEDby ritikchaddha
Shodan: html:"data-xwiki-reference"
FOFA: body="data-xwiki-reference"

References (3)

Scores

CVSS v3 5.3
EPSS 0.4972
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (4)
org.xwiki.platform/xwiki-platform-search-solr-api 0 - 14.10.15Maven
xwiki/xwiki 15.6 (2 CPE variants)
xwiki/xwiki 15.7 rc1
xwiki/xwiki < 14.10.5
Published Dec 15, 2023
Tracked Since Feb 18, 2026