Details
- Bug
- Resolution: Fixed
- Blocker
- 4.2-milestone-3
- Unit
- Unknown
- N/A
- N/A
Description
Steps to reproduce:
Open /xwiki/bin/view/Main/?xpage=distribution&extensionId=%3Cimg src=x onerror=alert(document.domain)%3E&extensionVersionConstraint=%3Cimg src=x onerror=alert(document.domain)%3E on your XWiki installation.
Expected result:
No alert or broken image is displayed.
Actual result:
An alert and two broken images are displayed.
The vulnerable code was introduced in this commit, which is part of XWiki 4.2 Milestone 3.
The same kind of vulnerability is also exploitable on /xwiki/bin/view/Main/?xpage=job_status_json&jobId=asdf&translationPrefix=<img src=1 onerror=alert(document.domain)>. The vulnerable code for that template was introduced in this commit, which was part of XWiki 11.10. While it is a different template, it is part of the same module and the scope of the vulnerability is exactly the same.
The second vulnerability and a variant of the first vulnerability were first reported in XWIKI-23087 by Evgeny Kopytin and Aleksey Solovev of Positive Technologies together with another vulnerability.
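To check whether an installation has received requests of the kind described above, the following added example (not part of the original report and not XWiki code) scans web access logs for the two templates and the parameters named in this issue. The combined log format, the sample log lines and the set of characters treated as markup are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# xpage template -> request parameters this issue reports as reflected unescaped
WATCHED = {
    "distribution": ("extensionId", "extensionVersionConstraint"),
    "job_status_json": ("translationPrefix",),
}
# Assumption: legitimate extension ids, version constraints and translation
# key prefixes never contain angle brackets or quotes.
MARKUP = re.compile(r"[<>\"']")
# Assumption: request line as written by the common/combined access log format.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return sorted (xpage, param) pairs whose decoded value contains markup."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    hits = set()
    for xpage in query.get("xpage", []):
        for param in WATCHED.get(xpage, ()):
            if any(MARKUP.search(value) for value in query.get(param, [])):
                hits.add((xpage, param))
    return sorted(hits)

def scan(log_lines):
    """Return [(line_number, hits)] for log lines that match a watched parameter."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample log lines (documentation IP range, made-up extension id).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /xwiki/bin/view/Main/?xpage=distribution&extensionId=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&extensionVersionConstraint=1.0 HTTP/1.1" 200 5120',
    '203.0.113.8 - - [01/Jan/2025:10:00:05 +0000] "GET /xwiki/bin/view/Main/?xpage=distribution&extensionId=org.example:sample-extension&extensionVersionConstraint=%5B1.0,2.0) HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /xwiki/bin/view/Main/?xpage=job_status_json&jobId=asdf&translationPrefix=%3Cimg+src%3D1+onerror%3Dalert(document.domain)%3E HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2025:10:00:12 +0000] "GET /xwiki/bin/view/Main/?xpage=job_status_json&jobId=asdf&translationPrefix=job.status. HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

A hit only shows that markup was sent in one of these parameters; whether it was rendered depends on whether the installation was running a version that contains the fix.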
Issue Links
- relates to XWIKI-23087 Vulnerabilities in XWiki [Error-based SQL Injection, Reflected XSS x2] (Closed)