Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2013-0246

Date: July 29, 2013

Overview

InXwiki versionS xwiki-platform-3.1 through xwiki-platform-5.1 are vulnerable to stored XSS.

Details

InXwiki versionS xwiki-platform-3.1 through xwiki-platform-5.1 are vulnerable to stored XSS via uploading specially crafted HTML file

Affected Environments

Xwiki versionS xwiki-platform-3.1 through xwiki-platform-5.1

Prevention

Upgrade to xwiki-platform-5.2

Language: Java

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version xwiki-platform-5.2

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Related Resources (4)

https://github.com/xwiki/xwiki-platform/commit/45440c067bb1a0020946a920fc8c93723f78968d#diff-f16636e21658a0cc4675a4b2e67b352e62316cfc55898888bdffda291edd19c6R284
In xwiki-platform versions xwiki-platform-3.1 through xwiki-platform-5.1 are vulnerable to cross-site scripting via uploading specially crafted HTML file
https://www.mend.io/vulnerability-database/WS-2013-0246