cnvd - cnvd-2022-13407

cnvd-2022-13407

Vulnerability from cnvd

Title: XWiki Platform跨站脚本漏洞（CNVD-2022-13407）

Description:

Xwiki Platform是法国Xwiki公司的一套用于创建Web协作应用程序的Wiki平台。

XWiki Platform存在跨站脚本漏洞，该漏洞源于在registerinline中缺少对用户提供的数据和输出的数据校验过滤，攻击者可利用该漏洞在客户端执行JavaScript代码。

Severity: 中

Patch Name: XWiki Platform跨站脚本漏洞（CNVD-2022-13407）的补丁

Patch Description:

Xwiki Platform是法国Xwiki公司的一套用于创建Web协作应用程序的Wiki平台。

XWiki Platform存在跨站脚本漏洞，该漏洞源于在registerinline中缺少对用户提供的数据和输出的数据校验过滤，攻击者可利用该漏洞在客户端执行JavaScript代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr

Reference: https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9

Impacted products

Name
['XWiki XWiki Platform <12.10.11', 'XWiki XWiki Platform <14.0-rc-1', 'XWiki XWiki Platform <13.4.7', 'XWiki XWiki Platform <13.10.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23622",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-23622"
    }
  },
  "description": "Xwiki Platform\u662f\u6cd5\u56fdXwiki\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efaWeb\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u7684Wiki\u5e73\u53f0\u3002\n\nXWiki Platform\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728registerinline\u4e2d\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-13407",
  "openTime": "2022-02-23",
  "patchDescription": "Xwiki Platform\u662f\u6cd5\u56fdXwiki\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efaWeb\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u7684Wiki\u5e73\u53f0\u3002\r\n\r\nXWiki Platform\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728registerinline\u4e2d\u7f3a\u5c11\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u6821\u9a8c\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5ba2\u6237\u7aef\u6267\u884cJavaScript\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "XWiki Platform\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-13407\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "XWiki XWiki Platform \u003c12.10.11",
      "XWiki XWiki Platform \u003c14.0-rc-1",
      "XWiki XWiki Platform \u003c13.4.7",
      "XWiki XWiki Platform \u003c13.10.3"
    ]
  },
  "referenceLink": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9",
  "serverity": "\u4e2d",
  "submitTime": "2022-02-13",
  "title": "XWiki Platform\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2022-13407\uff09"
}

CVE-2022-23622 (GCVE-0-2022-23622)

Vulnerability from cvelistv5

Published

2022-02-09 21:40

Modified

2025-04-23 19:05

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and apply a better right scheme using groups and rights on spaces.

References

▼	URL	Tags
	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-19291	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 2.6.1, < 12.10.11 Version: >= 13.0.0, < 13.4.7 Version: >= 13.10.0, < 13.10.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-19291"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:10:39.706765Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:05:46.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.6.1, \u003c 12.10.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0.0, \u003c 13.4.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.10.0, \u003c 13.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-09T21:40:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-19291"
        }
      ],
      "source": {
        "advisory": "GHSA-gx6h-936c-vrrr",
        "discovery": "UNKNOWN"
      },
      "title": "Cross site scripting in registration template in xwiki-platform",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23622",
          "STATE": "PUBLIC",
          "TITLE": "Cross site scripting in registration template in xwiki-platform"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "xwiki-platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 2.6.1, \u003c 12.10.11"
                          },
                          {
                            "version_value": "\u003e= 13.0.0, \u003c 13.4.7"
                          },
                          {
                            "version_value": "\u003e= 13.10.0, \u003c 13.10.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "xwiki"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr",
              "refsource": "CONFIRM",
              "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"
            },
            {
              "name": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9",
              "refsource": "MISC",
              "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"
            },
            {
              "name": "https://jira.xwiki.org/browse/XWIKI-19291",
              "refsource": "MISC",
              "url": "https://jira.xwiki.org/browse/XWIKI-19291"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-gx6h-936c-vrrr",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23622",
    "datePublished": "2022-02-09T21:40:10.000Z",
    "dateReserved": "2022-01-19T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:05:46.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted