daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-32068.yaml

42 lines
1.6 KiB
YAML
Raw Blame History

id: CVE-2023-32068
info:
name: XWiki - Open Redirect
author: ritikchaddha
severity: medium
description: |
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
impact: |
An attacker can craft malicious URLs to redirect users to malicious websites.
remediation: |
Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
reference:
- https://jira.xwiki.org/browse/XWIKI-20096
- https://nvd.nist.gov/vuln/detail/CVE-2023-32068
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-32068
cwe-id: CWE-601
epss-score: 0.00149
epss-percentile: 0.50372
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: xwiki
product: xwiki
shodan-query: html:"data-xwiki-reference"
fofa-query: body="data-xwiki-reference"
tags: cve,cve2023,xwiki,redirect
http:
- method: GET
path:
- "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 490a00463044022022611f58439e1b8aa2bf5df976f3774aa14e202e26280efda8267481141f80de022050cc9f2a7c4906ef5bc096ec3ca0ccad1892f139eae285db8a964bd5a5b11f7d:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink