Xwiki Oauth Identity
By the Year
In 2024 there have been 0 vulnerabilities in Xwiki Oauth Identity . Last year Oauth Identity had 1 security vulnerability published. Right now, Oauth Identity is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 9.60 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Oauth Identity vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xwiki Oauth Identity Security Vulnerabilities
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations
CVE-2023-45144
9.6 - Critical
- October 16, 2023
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Xwiki Oauth Identity or by Xwiki? Click the Watch button to subscribe.