cvelistv5 - cve-2025-32430

cve-2025-32430

Vulnerability from cvelistv5

Published

2025-08-05 23:27

Modified

2025-08-06 20:27

Severity ?

6.5 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Summary

XWiki Platform contains Reflected XSS vulnerability in two templates

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/xwiki/xwiki-platform/commit/e5926a938cbecc8b1eaa48053d8d370cff107cb0
	security-advisories@github.com	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx
	security-advisories@github.com	https://jira.xwiki.org/browse/XWIKI-23096
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx

Impacted products

▼	Vendor	Product
	xwiki	xwiki-platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32430",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T20:26:53.478745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T20:27:07.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.2-milestone-3, \u003c 16.4.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.10.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-rc-1, \u003c 17.3.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute malicious JavaScript code in the context of the victim\u0027s session by getting the victim to visit an attacker-controlled URL. This permits the attacker to perform arbitrary actions using the permissions of the victim. This issue is fixed in versions 16.4.8, 16.10.6 and 17.3.0-rc-1. To workaround the issue, manually patch the WAR with the same changes as the original patch."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-05T23:27:07.471Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/e5926a938cbecc8b1eaa48053d8d370cff107cb0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/e5926a938cbecc8b1eaa48053d8d370cff107cb0"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-23096",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-23096"
        }
      ],
      "source": {
        "advisory": "GHSA-m9x4-w7p9-mxhx",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform contains Reflected XSS vulnerability in two templates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32430",
    "datePublished": "2025-08-05T23:27:07.471Z",
    "dateReserved": "2025-04-08T10:54:58.367Z",
    "dateUpdated": "2025-08-06T20:27:07.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-32430\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-06T00:15:29.193\",\"lastModified\":\"2025-08-06T21:15:28.737\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute malicious JavaScript code in the context of the victim\u0027s session by getting the victim to visit an attacker-controlled URL. This permits the attacker to perform arbitrary actions using the permissions of the victim. This issue is fixed in versions 16.4.8, 16.10.6 and 17.3.0-rc-1. To workaround the issue, manually patch the WAR with the same changes as the original patch.\"},{\"lang\":\"es\",\"value\":\"XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones desarrolladas sobre ella. En las versiones 4.2-milestone-3 a 16.4.7, 16.5.0-rc-1 a 16.10.5 y 17.0.0-rc-1 a 17.2.2, dos plantillas contienen vulnerabilidades XSS reflejadas, lo que permite a un atacante ejecutar c\u00f3digo JavaScript malicioso en la sesi\u00f3n de la v\u00edctima al obligarla a visitar una URL controlada por el atacante. Esto permite al atacante realizar acciones arbitrarias utilizando los permisos de la v\u00edctima. Este problema se ha corregido en las versiones 16.4.8, 16.10.6 y 17.3.0-rc-1. Para solucionarlo, parchee manualmente el WAR con los mismos cambios que el parche original.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/e5926a938cbecc8b1eaa48053d8d370cff107cb0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-23096\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}"
  }
}

ghsa-m9x4-w7p9-mxhx

Vulnerability from github

Published

2025-08-05 15:32

Modified

2025-08-06 14:31

Severity ?

5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Summary

XWiki allows Reflected XSS in two templates

Details

Impact

Reflected XSS vulnerabilities in two templates allow an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL. PoC URLs are /xwiki/bin/view/Main/?xpage=job_status_json&jobId=asdf&translationPrefix=<img src=1 onerror=alert(document.domain)> and /xwiki/bin/view/Main/?xpage=distribution&extensionId=%3Cimg src=x onerror=alert(document.domain)%3E&extensionVersionConstraint=%3Cimg src=x onerror=alert(document.domain)%3E. This allows the attacker to perform arbitrary actions using the permissions of the victim.

Patches

The problem has been patched in XWiki 16.4.8, 16.10.6 and 17.3.0RC1 by adding escaping in the affected templates.

Workarounds

The affected templates can be patched manually in the WAR by applying the same changes as in the patch.

Attribution

The vulnerability involving job_status_json has been reported as "Unauth Reflected XSS" vulnerability by Aleksey Solovev (Positive Technologies), and the vulnerability involving distribution has been reported as "Auth Admin Reflected XSS" vulnerability by Evgeny Kopytin (Positive Technologies). According to our analysis, both vulnerabilities can be exploited against both unauthenticated and authenticated victims (including victims with admin privileges) which is why we publish them together in this advisory.

Show details on source website