The vulnerability of the XWiki Admin Tools application on the XWiki Platform. XWiki is a platform for creating collaborative web applications. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 14 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

XWiki Admin Tools flaw on XWiki Platform enables remote query exploitation risking confidentiality, integrity, and availability.

Reporter	Title	Published	Views	Family All 11
CNNVD	Admin Tools Application Cross-Site Request Forgery Vulnerability	20 Nov 202300:00	–	cnnvd
CVE	CVE-2023-48293	20 Nov 202318:14	–	cve
Cvelist	CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries	20 Nov 202318:14	–	cvelist
EUVD	EUVD-2023-2874	3 Oct 202520:07	–	euvd
Github Security Blog	Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries	20 Nov 202321:01	–	github
NVD	CVE-2023-48293	20 Nov 202319:15	–	nvd
OSV	CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries	20 Nov 202318:14	–	osv
OSV	GHSA-4F4C-RHJV-4WGV Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries	20 Nov 202321:01	–	osv
Prion	Cross site request forgery (csrf)	20 Nov 202319:15	–	prion
Positive Technologies	PT-2023-8619 · Xwiki · Xwiki Admin Tools Application	20 Nov 202300:00	–	ptsecurity

Source	Link
github	www.github.com/xwiki-contrib/application-admintools/commit/45298b4fbcafba6914537dcdd798a1e1385f9e46
github	www.github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv
jira	www.jira.xwiki.org/browse/ADMINTOOL-92
web	www.web.nvd.nist.gov/view/vuln/detail

14 Feb 2024 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 38.8

CVSS 210

EPSS0.00365

XWiki Admin Tools Query Authenticity Remote Exploitation Data Confidentiality Data Integrity Availability