Home > Vulnerability Database > WS-2013-0248

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2013-0248

Date: June 17, 2013

Overview

In xwiki-platform versions xwiki-platform-5.0 through xwiki-platform-5.1 are vulnerable to XSS

Details

In xwiki-platform versions xwiki-platform-5.0 through xwiki-platform-5.1 are vulnerable to XSS when displaying unsanitized space name

Affected Environments

Xwiki-platform-5.0 through xwiki-platform-5.1

Prevention

Upgrade to xwiki-platform-5.2

Language: Java

Good to know:

5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Upgrade Version

No fix version available

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	Network
Attack Complexity (AC):	Low
Privileges Required (PR):	Low
User Interaction (UI):	Required
Scope (S):	Changed
Confidentiality (C):	Low
Integrity (I):	Low
Availability (A):	None

Related Resources (2)

Url: https://github.com/xwiki/xwiki-platform/commit/88263bd624e64765ed98428abca6c00f93b81399#diff-dc7bd43a06ae45bb93e38515eff46ba1247ba229d5c0d8197d49b283c71bd645R1570

Url: https://www.mend.io/vulnerability-database/WS-2013-0248