Vulnerability Database
296,772
Total vulnerabilities in the database
CVE-2023-32070
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.
| Software | From | Fixed in |
|---|---|---|
org.xwiki.rendering / xwiki-rendering-syntax-xhtml
|
- | 14.6-rc-1 |
|
org.xwiki.platform / xwiki-core-rendering-api
|
- | 3.0-milestone-2.x |
|
org.xwiki.rendering / xwiki-rendering-syntax-html
|
- | 14.6-rc-1 |
|
org.xwiki.rendering / xwiki-rendering-syntax-html5
|
- | 14.6-rc-1 |
|
org.xwiki.rendering / xwiki-rendering-syntax-annotatedxhtml
|
- | 14.6-rc-1 |
|
org.xwiki.rendering / xwiki-rendering-syntax-annotatedhtml5
|
- | 14.6-rc-1 |
|
org.xwiki.platform / xwiki-platform-annotation-core
|
- | 14.6-rc-1 |
| xwiki / xwiki | - | 14.5.x |
| xwiki / rendering | 3.0-milestone_2 | 3.0-milestone_2.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime