Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-23472

Reflected Cross-Site Scripting (XSS) in page history compare

    XMLWordPrintable

Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      The rev1 and rev2 parameters in page history compare are vulnerable to unauthenticated reflected XSS attacks.

      Below is an example payload for the Sandbox pages.

      http://<host>/bin/view/Sandbox/?viewer=changes&rev1=9.1&rev2=xar%3aorg.xwiki.platform%3axwiki-platform-distribution-flavor-common%2f17.6.0q1che%27%3E%3Cscript%3Ealert(1)%3C%2fscript%3Evfu80q44msz&form_token=VX4OGRD4Qszx2m2Vt08FFA&language=en&rev2=xar%3Aorg.xwiki.platform%3Axwiki-platform-distribution-flavor-common%2F17.6.0&rev1=9.1

      Attachments

        Issue Links

          is caused by

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-15129 Add navigation (previous/next version) buttons in the changes view

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-21095 RXSS through revision parameter in content menu

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          links to

          Web Link Security Advisory

          Activity

            People

              MichaelHamann Michael Hamann
              mikecole-mg Mike Cole
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: