The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.

🗓️ 02 Apr 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 11 Views

XWiki privileged APIs errors allow attackers to read, modify, and delete user accounts.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-46978	18 Sep 202420:56	–	circl
CNNVD	XWiki Platform 安全漏洞	18 Sep 202400:00	–	cnnvd
CVE	CVE-2024-46978	18 Sep 202417:25	–	cve
Cvelist	CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform	18 Sep 202417:25	–	cvelist
EUVD	EUVD-2024-2862	3 Oct 202520:07	–	euvd
Github Security Blog	org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions	18 Sep 202414:26	–	github
NVD	CVE-2024-46978	18 Sep 202418:15	–	nvd
OpenVAS	XWiki 13.2-rc-1 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.1 Multiple Vulnerabilities	20 Sep 202400:00	–	openvas
OSV	CVE-2024-46978 Missing checks for notification filter preferences editions in XWiki Platform	18 Sep 202417:25	–	osv
OSV	GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions	18 Sep 202414:26	–	osv

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx
jira	www.jira.xwiki.org/browse/XWIKI-20337
web	www.web.nvd.nist.gov/view/vuln/detail

02 Apr 2025 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 36.5

CVSS 26.8

EPSS0.00519

xwiki privileged interfaces read modify delete user accounts xwiki platform vulnerability