Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Invalid
Priority: Major
Fix Version/s: None
Affects Version/s: 15.0
Component/s: Authentication
Labels:

Difficulty:
Unknown
Similar issues:

Description

One Reflected XSS when connecting using the identity-oauth method. When login via the OAuth method , the identityOAuth parameters, sent in a GET request is vulnerable. The tests were performed ** on an environment where the oauth redirect to the internal Azure AD authentification portal.

request : GET /bin/login/XWiki/XWikiLogin
vulnerable parameters identifed (version 15)
- identityOAuth

The vulnerability is in this part of the code.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XSS-Xwiki.png
08/Mar/23 18:13
101 kB
Lucas

Activity

People

Assignee:: Michael Hamann

Reporter:: Lucas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Mar/23 18:17

Updated:: 3 days ago 18:12

Resolved:: 02/Apr/23 22:27

Date of First Response:: 02/Apr/23 10:27 PM