CVE-2024-31982: XWiki Feed Output In Verbatim Block
greprules fetch cve-2024-31982-xwiki-feed-output-in-verbatim-block --engine opengrep
Description
The XWiki rendering verbatim block ({{{ ... }}}) wraps feed output that may contain user-controlled data. Because verbatim only escapes wiki parsing, an attacker who can influence the wrapped content (e.g. via a feed title/description filled from a request parameter) can inject a literal "}}}" to terminate the verbatim block early and then have arbitrary mac
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided