CVE-2023-35155

8.8 HIGH

📋 TL;DR

Reflected cross-site scripting (XSS) in XWiki Platform's share viewer: the target parameter of a viewer=share&send=1 request is reflected into the page without escaping, so a crafted link runs attacker-controlled JavaScript in the browser of anyone who opens it. Every installation on a version before 14.4.8, 14.10.4 or 15.0-rc-1 is affected.

💻 Affected Systems

Products:
  • XWiki Platform
Versions: before 14.4.8 (14.4.x line), 14.5 up to but not including 14.10.4, and 15.0 pre-releases before 15.0-rc-1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Every installation with the share feature available is vulnerable; the flaw is in the share viewer's handling of the target parameter, not in any optional configuration.

📦 What is this software?

XWiki Platform is an open-source, Java-based wiki platform that also serves as a runtime for applications built on top of it. The share viewer affected here is the built-in page-sharing feature, reachable from any page a user can view.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who gets a victim to open the link runs JavaScript in that victim's session: stealing the session cookie where it is not HttpOnly, performing any action the victim may perform in the wiki, or redirecting the browser to a malicious site. If the victim is an administrator or otherwise holds programming rights, the attacker can make them save a page containing a server-side script, turning the XSS into code execution on the XWiki server.

🟠

Likely Case

Session hijacking, credential theft through injected login prompts, wiki content changed under the victim's identity, or redirection to phishing sites.

🟢

If Mitigated

Reduced impact where the session cookie is HttpOnly and a Content Security Policy forbids inline script. Note that XWiki's own interface relies on inline scripts, so a CSP tight enough to stop this payload has to be tested against the wiki rather than assumed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vendor advisory includes a working exploit URL. The attacker needs no account; the victim only has to open the link while able to view the targeted page, which on a wiki with public read access means no login either. Reflected XSS of this shape is routinely turned into phishing links, hence the rating above.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.4.8, 14.10.4, or 15.0-rc-1

Vendor Advisory: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c

Restart Required: Yes

Instructions:

1. Back up the XWiki installation (database and permanent directory).
2. Download the patched version (14.4.8, 14.10.4 or 15.0-rc-1, or later) from xwiki.org.
3. Follow the XWiki upgrade documentation for your distribution.
4. Restart the application server.
5. Verify the fix by requesting the share viewer with the advisory's payload and confirming it is rendered as escaped text.

🔧 Temporary Workarounds

Disable Share Feature (applies to: all platforms)

Temporarily disable the vulnerable share functionality so the share viewer no longer renders.

The page's suggested setting is xwiki.share.enabled=false in xwiki.cfg; confirm that your version honours this key (after a restart, a viewer=share request should no longer render the share form) before relying on it.

Implement WAF Rules (applies to: all platforms)

Block malicious values in the share viewer's target parameter.

Matching only the literal string '<img src onerror=' is trivially bypassed with a different tag, a different event handler, or URL encoding. Instead, reject any request whose query contains viewer=share and whose fully URL-decoded target value contains '<', '>' or an on*= attribute; no legitimate value of that parameter needs angle brackets. Decode repeatedly so that double-encoded payloads (%253C) are caught.

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to block inline JavaScript execution
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

On an instance you are authorised to test, open /xwiki/bin/view/Main/?viewer=share&send=1&target=%3Cimg%20src%20onerror%3Dalert(document.domain)%3E (the URL-encoded form of the advisory's target=<img src onerror=alert(document.domain)>). An alert box showing the wiki's domain means the target parameter is reflected unescaped.

Check Version:

Check the XWiki version under Administration → About, or request the REST root resource (/xwiki/rest/), which reports the running version.

Verify Fix Applied:

After patching, request the same URL: the page must render the payload as literal text (escaped) and no alert may appear. If a version at or above the fix versions still alerts, the upgrade did not take effect.
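The two verification steps above (version comparison against the advisory's fix versions, and classifying the response to the probe URL) as a small checker. This is an added example, not XWiki project code: the affected ranges are taken from the advisory, the base URL is hypothetical, and the classification treats any entity-encoded reflection of the payload as the fixed behaviour.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode, urljoin

# Payload from the vendor advisory, in decoded form.
PAYLOAD = "<img src onerror=alert(document.domain)>"
# The payload minus its angle brackets: present in the response whenever the
# value was reflected, whatever entity form the server used to escape it.
_PAYLOAD_INNER = PAYLOAD.strip("<>")

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(milestone|rc)-(\d+))?$", re.IGNORECASE
)
# XWiki pre-release ordering: milestone-N < rc-N < final release.
_PRE_RANK = {"milestone": 0, "rc": 1, None: 2}


def parse_version(text):
    """Turn an XWiki version string into a comparable tuple.

    '14.10.3' -> (14, 10, 3, 2, 0); '15.0-rc-1' -> (15, 0, 0, 1, 1).
    Shapes this checker does not understand (e.g. SNAPSHOT builds) raise
    ValueError instead of being silently treated as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, pre_kind, pre_num = m.groups()
    kind = pre_kind.lower() if pre_kind else None
    return (int(major), int(minor), int(patch or 0), _PRE_RANK[kind], int(pre_num or 0))


# Fix versions named in GHSA-fwwj-wg89-7h4c, one per maintained branch.
FIX_14_4 = parse_version("14.4.8")
FIX_14_10 = parse_version("14.10.4")
FIX_15 = parse_version("15.0-rc-1")
_FROM_14_5 = (14, 5, 0, 0, 0)   # first build after the 14.4.x branch forked
_FROM_15_0 = (15, 0, 0, 0, 0)   # first 15.0 pre-release


def is_vulnerable(version_text):
    """True if the version falls in an affected range.

    Affected: anything before 14.4.8; 14.5 up to (not including) 14.10.4;
    15.0 pre-releases before 15.0-rc-1. Everything else is at or past a fix.
    """
    v = parse_version(version_text)
    return v < FIX_14_4 or _FROM_14_5 <= v < FIX_14_10 or _FROM_15_0 <= v < FIX_15


def build_probe_url(base_url, page="Main/"):
    """Build the advisory's probe URL with the payload percent-encoded.

    base_url is the wiki root, e.g. https://wiki.example.org/xwiki/ (hypothetical).
    """
    query = urlencode({"viewer": "share", "send": "1", "target": PAYLOAD})
    return urljoin(base_url, "bin/view/" + page) + "?" + query


def classify_response(body):
    """Classify the HTML returned for the probe URL.

    'vulnerable'    the payload is reflected verbatim, so a browser would run it
    'escaped'       the payload is reflected with its brackets entity-encoded
                    (&lt; or &#60;), the behaviour expected after the fix
    'not reflected' the target value does not appear at all (feature disabled,
                    page not reachable, or a different code path)
    """
    if PAYLOAD in body:
        return "vulnerable"
    if _PAYLOAD_INNER in body:
        return "escaped"
    return "not reflected"


def probe(base_url, timeout=10):
    """Fetch the probe URL from an instance you are authorised to test.

    Error status pages are classified too, since the reflection may sit in an
    error message rather than in a 200 response.
    """
    url = build_probe_url(base_url)
    try:
        resp = urllib.request.urlopen(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err
    with resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return classify_response(resp.read().decode(charset, "replace"))


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(arg, "vulnerable" if is_vulnerable(arg) else "fixed")
```

Run it with version strings as arguments for the offline check, or call probe() against a wiki you own; a 'not reflected' result is not proof of safety (the page may simply not be reachable), so pair it with the version check.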

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with viewer=share in the query whose target value contains HTML or JavaScript (angle brackets, on*= handlers, javascript:), in raw, URL-encoded or double-encoded form
  • Bursts of share-viewer requests from one client, or share requests for pages that are otherwise rarely shared

Network Indicators:

  • URLs with percent-encoded angle brackets (%3C, %3E, or double-encoded %253C) in the target parameter
  • Requests to the share viewer arriving from links on external sites (Referer outside the wiki)

SIEM Query:

web.url:*viewer=share* AND (web.param.target:*%3C* OR web.param.target:*<* OR web.param.target:*%253C* OR web.param.target:*onerror* OR web.param.target:*onload*)

Field names are illustrative; map them to your log schema and, where your platform stores a decoded copy of the parameter, search that as well.
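The log indicators above as a scan over web-server access logs. This is an added example rather than anything from the XWiki project or the vendor advisory; the log lines are constructed for it (Combined Log Format, documentation IP ranges), and it assumes that no legitimate share target needs angle brackets or an on*= attribute.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines: two exploitation attempts (one plain, one
# double-encoded) from one client, then a benign share and an unrelated view.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2023:12:00:01 +0000] "GET /xwiki/bin/view/Main/?viewer=share&send=1&target=%3Cimg%20src%20onerror%3Dalert%28document.domain%29%3E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2023:12:00:02 +0000] "GET /xwiki/bin/view/Main/?viewer=share&send=1&target=%253Csvg%2Fonload%3Dalert%281%29%253E HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - alice [10/Jun/2023:12:01:10 +0000] "GET /xwiki/bin/view/Main/?viewer=share&send=1&target=bob%40example.org HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.7 - alice [10/Jun/2023:12:02:00 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Combined Log Format: client, ident, user, timestamp, request line, status.
_CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup that has no business in a share target: a tag bracket, an on*= event
# handler, or a javascript: URL.
_MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(url):
    """Return the decoded suspicious target value, or None if the request is benign."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    if "share" not in qs.get("viewer", []):
        return None
    for raw in qs.get("target", []):          # parse_qs has already decoded once
        decoded = fully_decode(raw)
        if _MARKUP_RE.search(decoded):
            return decoded
    return None


def scan_log(text):
    """Scan access-log text; return one finding per share request carrying markup."""
    findings = []
    for line in text.splitlines():
        m = _CLF_RE.match(line)
        if not m:
            continue
        hit = check_request(m.group("target"))
        if hit is not None:
            findings.append({
                "client": m.group("client"),
                "user": m.group("user"),
                "time": m.group("ts"),
                "status": int(m.group("status")),
                "target": hit,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} user={f['user']} status={f['status']} target={f['target']!r}")
```

The same check_request() logic is what a WAF rule for this parameter should express: decode the value completely, then reject on markup, rather than matching one literal payload.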

🔗 References

  • Vendor advisory: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-35155