XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
References | () https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39 - Patch, Vendor Advisory | |
References | () https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49 - Patch, Vendor Advisory | |
References | () https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm - Vendor Advisory | |
References | () https://jira.xwiki.org/browse/XWIKI-19900 - Issue Tracking, Vendor Advisory | |
References | () https://jira.xwiki.org/browse/XWIKI-20611 - Issue Tracking, Vendor Advisory |
30 Jun 2023, 07:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
First Time |
Xwiki
Xwiki xwiki |
|
References | (MISC) https://jira.xwiki.org/browse/XWIKI-19900 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49 - Patch, Vendor Advisory | |
References | (MISC) https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm - Vendor Advisory | |
References | (MISC) https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39 - Patch, Vendor Advisory | |
References | (MISC) https://jira.xwiki.org/browse/XWIKI-20611 - Issue Tracking, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:xwiki:xwiki:12.9:rc1:*:*:*:*:*:* cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:* cpe:2.3:a:xwiki:xwiki:15.0:*:*:*:*:*:*:* |
23 Jun 2023, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-23 17:15
Updated : 2024-11-21 08:08
NVD link : CVE-2023-35152
Mitre link : CVE-2023-35152
CVE.ORG link : CVE-2023-35152
JSON object : View
Products Affected
xwiki
- xwiki