8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29518

CVE-2023-29518: XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon

Impact

Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of Invitation.InvitationCommon. This page is installed by default.

See https://jira.xwiki.org/browse/XWIKI-20283 for the reproduction steps.

Patches

The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Workarounds

The issue can be fixed by applying this patch on Invitation.InvitationCommon.

References

https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf
https://jira.xwiki.org/browse/XWIKI-20283

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-29518

CVE-2023-29518:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-invitation-ui	maven	>= 2.5-m-1, < 13.10.11	13.10.11
org.xwiki.platform:xwiki-platform-invitation-ui	maven	>= 14.0-rc-1, < 14.4.8	14.4.8
org.xwiki.platform:xwiki-platform-invitation-ui	maven	>= 14.5, < 14.10.1	14.10.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper output escaping in the InvitationCommon.xml Velocity template. The patch adds $escapetool.xml() wrappers around multiple instances of $services.localization.render() and other dynamic outputs. The original code directly rendered these values without sanitization, allowing malicious payloads to be interpreted as code. The CWE-74 classification and reproduction steps confirm this was an injection vulnerability via unescaped output in the template. The added test cases validate proper escaping of script tags and macro syntax, confirming the vulnerable pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-29518: XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon

Impact

Patches

Workarounds

References

For more information

CVE-2023-29518:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2023-29518: XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon

Impact

Patches

Workarounds

References

For more information

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8.8

8.8

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI