CVE-2022-23622 is a medium-severity cross-site scripting (XSS) vulnerability affecting the XWiki Platform, a generic wiki platform used to build collaborative applications. The vulnerability arises from improper neutralization of input in the `registerinline.vm` template, specifically related to the `xredirect` hidden field. This field is used during user registration and is vulnerable to injection of malicious scripts if not properly sanitized. The vulnerability manifests only under two specific conditions: first, the wiki instance must allow open registration for any user; second, the wiki must restrict guest users from viewing pages, typically enforced by enabling the "Prevent unregistered users from viewing pages, regardless of the page rights" setting. Under these conditions, an attacker can craft a malicious payload in the `xredirect` parameter that, when processed by the vulnerable template, executes arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, credential theft, or other malicious actions. The issue is patched in versions 12.10.11, 13.4.7, and 13.10.3 and later. The recommended fix involves sanitizing the `xredirect` field using XML escaping to neutralize any embedded scripts. If patching is not feasible, administrators are advised to disable the restrictive guest view setting and implement a more granular access control scheme using groups and rights on spaces to mitigate exposure. No known exploits have been reported in the wild, but the vulnerability remains a risk for misconfigured or outdated XWiki deployments.

For European organizations using XWiki Platform, especially those with open registration and restrictive guest access settings, this vulnerability poses a risk of client-side script injection attacks. Successful exploitation could compromise user sessions, leading to unauthorized access to sensitive wiki content or user credentials. This can undermine the integrity and confidentiality of collaborative data, potentially disrupting business operations or leaking proprietary information. Organizations in sectors such as government, education, and enterprises relying on XWiki for internal knowledge management are particularly at risk. The vulnerability's exploitation requires no authentication but depends on specific configuration settings, which may limit its scope. However, given the collaborative nature of wikis, even limited exploitation can facilitate lateral movement or social engineering attacks within an organization. The absence of known active exploits reduces immediate threat but does not eliminate the risk, especially for organizations slow to apply patches or review access controls.

1. Apply the official patches provided in XWiki versions 12.10.11, 13.4.7, 13.10.3, or later to ensure the `registerinline.vm` template properly sanitizes the `xredirect` field using XML escaping. 2. If patching is not immediately possible, disable the "Prevent unregistered users from viewing pages, regardless of the page rights" setting to prevent the vulnerable code path from being triggered. 3. Implement strict access control policies using groups and rights on spaces to restrict registration and page visibility, minimizing exposure to untrusted users. 4. Conduct a thorough audit of wiki configurations to identify instances with open registration and restrictive guest access, prioritizing remediation. 5. Monitor web server logs for suspicious requests targeting the registration page with unusual `xredirect` parameters indicative of attempted XSS payloads. 6. Educate administrators on secure configuration practices for XWiki to prevent similar issues. 7. Consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block malicious input patterns targeting the `xredirect` parameter as an interim protective measure.