CVE-2024-43400

MEDIUM EPSS 36.6%
Published Aug 19, 20241y ago · Modified Jun 17, 20261w ago
5.4 CVSS 3.1
Medium
Find Similar
Published Aug 19, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.

CVSS Details

Base Score
5.4
Exploitability
2.3
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
36.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-96

Affected Products 3

VendorProductVersionRange
xwikixwiki* <14.10.21
xwikixwiki*≥15.0  –  <15.5.5
xwikixwiki*≥15.6  –  <15.10.6

References 3

  • github.com https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
    Patch
  • github.com https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v
    Vendor Advisory
  • jira.xwiki.org https://jira.xwiki.org/browse/XWIKI-21810
    Issue TrackingVendor Advisory

Remediation

  • github.com https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c
    Patch