CVE-2023-46732
Summary
XWiki Platform is vulnerable to reflected cross-site scripting (RXSS) via the 'rev' parameter. This vulnerability, identified as CVE-2023-46732, allows an attacker to perform arbitrary actions in the name of the targeted user, which can escalate to remote code execution and compromise of the entire XWiki installation. Patches are available in specific versions of XWiki.
IFF Assessment
This vulnerability allows for remote code execution, posing a significant threat to the integrity and availability of affected systems.
Severity
Defender Context
This RXSS vulnerability in XWiki Platform presents a clear risk of remote code execution, allowing attackers to potentially take over entire installations. Defenders should prioritize upgrading affected XWiki instances to the patched versions, or applying the provided commit patch where an upgrade is not immediately possible, to mitigate this threat.