CVE-2022-23622
Vulnerability from cvelistv5
Published
2022-02-09 21:40
Modified
2024-08-03 03:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and apply a better right scheme using groups and rights on spaces.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-19291"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.6.1, \u003c 12.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0.0, \u003c 13.4.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.10.0, \u003c 13.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-09T21:40:10",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-19291"
        }
      ],
      "source": {
        "advisory": "GHSA-gx6h-936c-vrrr",
        "discovery": "UNKNOWN"
      },
      "title": "Cross site scripting in registration template in xwiki-platform",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23622",
          "STATE": "PUBLIC",
          "TITLE": "Cross site scripting in registration template in xwiki-platform"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "xwiki-platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 2.6.1, \u003c 12.10.11"
                          },
                          {
                            "version_value": "\u003e= 13.0.0, \u003c 13.4.7"
                          },
                          {
                            "version_value": "\u003e= 13.10.0, \u003c 13.10.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "xwiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr",
              "refsource": "CONFIRM",
              "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
            },
            {
              "name": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9",
              "refsource": "MISC",
              "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
            },
            {
              "name": "https://jira.xwiki.org/browse/XWIKI-19291",
              "refsource": "MISC",
              "url": "https://jira.xwiki.org/browse/XWIKI-19291"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gx6h-936c-vrrr",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23622",
    "datePublished": "2022-02-09T21:40:10",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23622\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-09T22:15:07.540\",\"lastModified\":\"2024-11-21T06:48:57.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \\\"Prevent unregistered users from viewing pages, regardless of the page rights\\\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\\\"hidden\\\" name=\\\"xredirect\\\" value=\\\"$escapetool.xml($!request.xredirect)\\\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \\\"Prevent unregistered users from viewing pages, regardless of the page rights\\\" is not checked in the rights and apply a better right scheme using groups and rights on spaces.\"},{\"lang\":\"es\",\"value\":\"XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para las aplicaciones construidas sobre ella. En las versiones afectadas se presenta un vector de tipo cross site scripting (XSS) en la plantilla \\\"registerinline.vm\\\" relacionado con el campo oculto \\\"xredirect\\\". Esta plantilla s\u00f3lo es usada en las siguientes condiciones 1. El wiki debe estar abierto al registro para cualquiera. 2. El wiki debe estar cerrado a la visualizaci\u00f3n para usuarios invitados o, m\u00e1s concretamente, la p\u00e1gina XWiki.Registration debe estar prohibida en View para usuarios invitados. Una forma de obtener la segunda condici\u00f3n es cuando los administradores marcan la casilla \\\"Prevent unregistered users from viewing pages, regardless of the page rights\\\" en los derechos de administraci\u00f3n. Este problema est\u00e1 parcheado en las versiones 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Se presentan dos formas principales de protegerse contra esta vulnerabilidad, la m\u00e1s f\u00e1cil y la mejor es aplicando un parche en la plantilla \\\"registerinline.vm\\\", el parche consiste en comprobar el valor del campo xredirect para asegurarse de que coincide: \\\"(input type=\\\"hidden\\\" name=\\\"xredirect\\\" value=\\\"$escapetool.xml($!request.xredirect)\\\" /)\\\". Si por alguna raz\u00f3n no es posible parchear este archivo, otra medida de mitigaci\u00f3n es asegurarse de que la opci\u00f3n \\\"Prevent unregistered users from viewing pages, regardless of the page rights\\\" no est\u00e9 marcada en los derechos y aplicar un mejor esquema de derechos usando grupos y derechos en los espacios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.10.10\",\"matchCriteriaId\":\"E4739F1E-1CC5-41FC-A93D-08807DEF75CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndIncluding\":\"13.4.6\",\"matchCriteriaId\":\"5C2AF753-69A0-4B05-87BF-A3020F544A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79E24FC2-CB28-4A00-AB05-D7068C8D8D39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1873519-3D31-4D0E-B442-597962CB2ED7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"557EAEC1-CDFD-41A8-A609-28049D999AB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8464428C-4BC2-49F9-9040-5D98E7C0B776\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19291\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.