Impact
A stored XSS can be exploited by users with edit rights by adding a AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title.
Then, any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload.
See https://jira.xwiki.org/browse/XWIKI-20365 for me details.
Patches
The issue has been patched on XWiki 14.4.8, 14.10.4, and 15.0 ?
Workarounds
The issue can be fixed by updating AppWithinMinutes.ClassEditSheet with this patch.
References
For more information
If you have any questions or comments about this advisory:
Attribution
This vulnerability has been reported on Intigriti by René de Sain @renniepak.
Impact
A stored XSS can be exploited by users with edit rights by adding a
AppWithinMinutes.FormFieldCategoryClassclass on a page and setting the payload on the page title.Then, any user visiting
/xwiki/bin/view/AppWithinMinutes/ClassEditSheetexecutes the payload.See https://jira.xwiki.org/browse/XWIKI-20365 for me details.
Patches
The issue has been patched on XWiki 14.4.8, 14.10.4, and 15.0 ?
Workarounds
The issue can be fixed by updating
AppWithinMinutes.ClassEditSheetwith this patch.References
For more information
If you have any questions or comments about this advisory:
Attribution
This vulnerability has been reported on Intigriti by René de Sain @renniepak.