Exploit for XWiki < 14.10.14 - Cross-Site Scripting (CVE-2023-45136)

Description:

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link.

Nuclei Template

View the template here: CVE-2023-45136.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-45136.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-45136
https://jira.xwiki.org/browse/XWIKI-20854