Open redirect in XWiki platform - CVE-2022-23618


Published: February 9, 2022 / Updated: May 5, 2026


Vulnerability identifier: #VU130032
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-23618
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: XWiki
Affected software:
XWiki platform

Detailed vulnerability description

The vulnerability allows a remote attacker to redirect users to an untrusted site.

The vulnerability exists due to URL redirection to an untrusted site (CWE-601) in the handling of the user-supplied xredirect parameter in XWiki platform. A remote attacker can supply a crafted xredirect value to redirect users to an untrusted site.

User interaction is required.
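The class of bug behind CWE-601 is a redirect parameter that is passed to the Location header without being restricted to trusted destinations. The following is an added illustration of the server-side check that closes it, written in Python for readability; it is not XWiki's code (XWiki is a Java project) and does not reproduce the actual fix. The allowed host `wiki.example.org` and the `xredirect` values are constructed for the example. It covers the cases that commonly slip past naive checks: protocol-relative `//host` targets, backslash variants that browsers normalise to slashes, non-http schemes, credentials-style `user@host` tricks, and whitespace or control characters that could be used for header splitting.

```python
from urllib.parse import urlsplit

# Constructed placeholder for the wiki's own host name(s); in a real deployment
# this would come from the application's configured base URL.
ALLOWED_HOSTS = {"wiki.example.org"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` stays on the site or on an allowed host.

    Accepts site-absolute paths ("/bin/view/...") and absolute http(s) URLs
    whose host is in `allowed_hosts`. Everything else is rejected.
    """
    if not target:
        return False

    # Control characters and whitespace have no place in a redirect target
    # (they enable header injection); backslashes are rejected because
    # browsers treat "/\host" like "//host" for http(s) URLs.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in target):
        return False

    parts = urlsplit(target)

    if parts.scheme:
        # Absolute URL: only http/https, and only to a host we own.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        host = parts.hostname  # already lower-cased; None for "http:evil"
        return host is not None and host in allowed_hosts

    if parts.netloc:
        # Protocol-relative "//evil.example/..." inherits the scheme but
        # changes the host, so it is an off-site redirect.
        return False

    # Relative target: require a site-absolute path that is not "//...".
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(requested: str, default: str = "/") -> str:
    """Pick the redirect target actually sent in the Location header.

    Unsafe values are not "fixed up"; they are replaced by a known-safe
    default so the user lands on the site regardless of the parameter.
    """
    return requested if is_safe_redirect(requested) else default


if __name__ == "__main__":
    # Constructed sample xredirect values and the decision for each.
    samples = [
        "/bin/view/Main/WebHome",
        "https://wiki.example.org/bin/view/Main/WebHome",
        "https://evil.example/",
        "//evil.example/phish",
        "/\\evil.example/phish",
        "https://wiki.example.org@evil.example/",
        "javascript:alert(1)",
        "http:evil.example",
        "/bin/view/Main\r\nSet-Cookie: x=1",
    ]
    for s in samples:
        print(f"{'allow' if is_safe_redirect(s) else 'deny ':5} {s!r}")
```

The important design choice is the allow-list: the code decides what a legitimate target looks like and rejects everything else, rather than trying to enumerate bad patterns. Replacing a rejected value with a fixed default (instead of echoing it back or raising) also keeps the behaviour simple to reason about and easy to log for detection.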


How to mitigate CVE-2022-23618

Install the security update from the vendor's website.

Sources