Exploit for XWiki < 4.10.15 - Email Disclosure (CVE-2023-50720)

Description:

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki’s regular search interface.
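
The search described above leaves a recognisable query string in web server access logs. The following is an added example, not part of the original page or of the nuclei template: it flags requests whose decoded query string contains an objcontent: search aimed at email values. The Combined Log Format, the request paths and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Field-prefixed Solr query on object content that targets email values,
# e.g. "objcontent:email*" as in the description above.
SUSPICIOUS = re.compile(r"objcontent\s*:\s*\S*e-?mail", re.IGNORECASE)

# Request part of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decoded_values(target):
    """Yield each query-string value, decoded once and then a second time."""
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        yield value                # parse_qsl already percent-decodes once
        yield unquote_plus(value)  # catches double-encoded input (%253A)

def find_email_probes(log_lines):
    """Return (client_ip, decoded_value) for each request whose query matches."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        for value in decoded_values(m.group(1)):
            if SUSPICIOUS.search(value):
                hits.append((line.split(" ", 1)[0], value))
                break  # one hit per request line is enough
    return hits

# Constructed sample lines; IPs and paths are made up for illustration.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /xwiki/bin/view/Main/Search?text=objcontent%3Aemail* HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /xwiki/bin/view/Main/Search?text=objcontent%253Aemail%252A HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /xwiki/bin/view/Main/Search?text=release+notes HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /xwiki/bin/view/Main/Search?text=email+settings HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, value in find_email_probes(SAMPLE_LOG):
        print(f"{ip}\t{value}")
```

Access logs only record the query string, so searches submitted in a POST body need application-level logging to be visible to this check.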

Nuclei Template

View the template here: CVE-2023-50720.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-50720.yaml

References:

https://jira.xwiki.org/browse/XWIKI-20371
https://nvd.nist.gov/vuln/detail/CVE-2023-50720