SCA: security update for org.xwiki.platform:xwiki-platform-rendering-xwiki (GHSA-vxf7-mx22-jr24)

medium Tenable Self-Hosted Container Security Plugin ID 419604

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro
does not systematically perform a proper neutralization of script-related html tags. As a result, any user
able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly
dangerous since in a standard wiki, any user is able to use the html macro directly in their own user
profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are
systematically cleaned up whenever the user does not have the script correct. (CVE-2023-29205)

See Also

https://github.com/advisories/GHSA-vxf7-mx22-jr24

Plugin Details

Severity: Medium

ID: 419604

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.14

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2023-29205

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2023

Vulnerability Publication Date: 4/12/2023

Reference Information

CVE: CVE-2023-29205

cwe: CWE-79