Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20719

XSS

    XMLWordPrintable

Details

    • Unknown

    Description

      One Reflected XSS when connecting using the identity-oauth method. When login via the OAuth method , the identityOAuth parameters, sent in a GET request is vulnerable. The tests were performed ** on an environment where the oauth redirect to the internal Azure AD authentification portal.

      • request : GET /bin/login/XWiki/XWikiLogin
      • vulnerable parameters identifed (version 15)
        • identityOAuth

      The vulnerability is in this part of the code.

      Attachments

        Activity

          People

            MichaelHamann Michael Hamann
            TriedIt Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: