Loading...

XML

Word

Printable

Details

Type: Security
Resolution: Fixed
Priority: Blocker
Fix Version/s: 14.10.5, 15.1-rc-1
Affects Version/s: 3.4-milestone-1
Component/s: Web - Templates & Resources
Labels:

Difficulty:
Unknown
Documentation:
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8
Documentation in Release Notes:
N/A
Similar issues:

Description

Reproduction steps:

Login as admin
Go to URL http://localhost:8080/xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)
Click "No"

Expected result:

You're redirected to the Sandbox page

Obtained result:

you see an alert

This shows that it's possible to exploit this kind of URL for XSS.
Note that this issue might be mitigated by the fact that this feature is not used anymore in XS, so it could be surprising to request an admin to go there. Now it's still a feature bundled so it could be exploited.

Attachments

Issue Links

depends on

XWIKI-20583 Provide a macro for sanitizing URLs in templates

Closed

is caused by

XWIKI-6687 Be able to delete a space from the UI

Closed

Activity

People

Assignee:: Simon Urli

Reporter:: Simon Urli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/Feb/23 18:42

Updated:: 12/Jul/23 09:16

Resolved:: 02/Feb/23 18:59