
Exploit for XWiki - Open Redirect (CVE-2023-29204)

Description:

XWiki Commons are technical libraries common to several other top-level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirects by using a redirect target such as //mydomain.com (i.e., omitting the http:). It was also possible to bypass them with a URL such as http:/mydomain.com. The problem has been patched in XWiki 13.10.10, 14.4.4 and 14.8RC1.
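To show why the two bypass shapes above slip past a check that only looks for an explicit http(s):// prefix, here is an added Python example (not XWiki's code) of such a naive validator beside a stricter one that accepts only a single-slash local path; the function names, the sample targets and the host wiki.example.org are assumptions.

```python
from urllib.parse import urlsplit

# Constructed illustration (not XWiki's code) of a redirect check that only
# inspects targets beginning with an explicit "http://" or "https://" prefix.
def naive_is_safe_redirect(target: str, own_host: str) -> bool:
    if target.startswith(("http://", "https://")):
        return urlsplit(target).hostname == own_host
    # Anything else is assumed to be a local path; this is the flaw.
    return True

# Hardened check: accept only a local, single-slash path. Browsers resolve
# "//host", "///host" and "/\host" as cross-origin, and "http:/host" carries
# a scheme, so all of those are rejected before the URL is even parsed.
def strict_is_local_redirect(target: str) -> bool:
    if not target or target[0] != "/":
        return False
    if len(target) > 1 and target[1] in "/\\":
        return False
    if "\\" in target or any(ord(c) <= 0x20 for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""

# Constructed sample targets: the two bypass shapes from the advisory, two
# browser-equivalent variants, a plain absolute URL and a legitimate path.
SAMPLES = [
    "//mydomain.com",
    "http:/mydomain.com",
    "///mydomain.com",
    "/\\mydomain.com",
    "http://mydomain.com/",
    "/bin/view/Main/WebHome",
]

def compare(own_host: str = "wiki.example.org") -> dict:
    """Return {target: (naive_verdict, strict_verdict)} for every sample."""
    return {t: (naive_is_safe_redirect(t, own_host), strict_is_local_redirect(t))
            for t in SAMPLES}

if __name__ == "__main__":
    for target, (naive, strict) in compare().items():
        print(f"{target!r:28} naive={naive!s:5} strict={strict}")
```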

Nuclei Template

View the template here: CVE-2023-29204.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-29204.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-29204
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv
https://jira.xwiki.org/browse/XWIKI-10309
https://jira.xwiki.org/browse/XWIKI-19994