Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20783

Missing CSRF token causes warning that the content will be executed in restricted mode to be displayed in some unexpected places

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 15.3-rc-1, 14.10.8
    • 15.2-rc-1, 14.10.7
    • XClass
    • Windows 11 Pro, Firefox 111, using a local instance of XWiki 14.10.7 on PostgreSQL 15, Tomcat 9.0.73
    • Unknown
    • N/A
    • N/A

    Description

      Steps to reproduce

      1. Login as Admin
      2. Go to Administer Wiki > Look & Feel > Image Styles
      3. Fill a New Image Style name
      4. Click "Create the image style"

      Expected results

      No warning is displayed on the top of the page.

      Actual results

      The following warning is displayed:

      Warning: For security reasons, the content of the edited document is executed in restricted mode, as the edit was not initiated by a validated request. There may be unexpected errors due to this

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20386 CSRF privilege escalation/RCE via the edit action

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              iandriuta Ilie Andriuta
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: