9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-32071

CVE-2023-32071: XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact

It's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment.

To reproduce:

add an attachment to a page (for example, your user profile)
add ?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E to the page view URL as in https://myhost/xwiki/bin/view/XWiki/MyUser?xpage=importinline&editor=%22%3E%3Cimg%20src%20onerror=alert(document.domain)%3E

Patches

This has been patched in XWiki 15.0-rc-1, 14.10.4 and 14.4.8.

Workarounds

The easiest is to edit file <xwiki app>/templates/importinline.vm and apply the modification described on https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01

References

https://jira.xwiki.org/browse/XWIKI-20340 https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK

Attribution

This vulnerability has been reported on Intigriti by René de Sain @renniepak.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-32071

CVE-2023-32071:

9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-distribution-war	maven	>= 2.2-milestone-1, < 14.4.8	14.4.8
org.xwiki.platform:xwiki-platform-distribution-war	maven	>= 14.5, < 14.10.4	14.10.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper output encoding in the importinline.vm Velocity template. The pre-patch code concatenated raw request parameters ($request.editor and $request.section) into a query string without proper URL encoding. This allowed attackers to inject HTML/JavaScript payloads through the editor parameter that would execute when rendered. The commit diff shows the fix added URL encoding via $escapetool.url(), confirming the lack of proper output encoding was the root cause. The template's handling of these parameters in the query string construction is the clear vulnerable code path.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-32071: XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact

Patches

Workarounds

References

Attribution

CVE-2023-32071:

9.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

9.1

9.1

Technical Details

CVE-2023-32071: XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact

Patches

Workarounds

References

Attribution

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI