XWiki Platform allows arbitrary code execution due to improper UIX parameter escaping. Upgrade to a patched version or manually edit the wiki page.
Title | Published | Views | Family |
---|---|---|---|
XWiki 6.3-milestone-2 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Eval Injection Vulnerability (GHSA-qxjg-jhgw-qhrv) | 8 Mar 2023 00:00 | – | openvas |
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection | 8 Mar 2023 17:18 | – | github |
CVE-2023-27479 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui | 7 Mar 2023 18:09 | – | cvelist |
Code injection | 7 Mar 2023 19:15 | – | prion |
CVE-2023-27479 | 7 Mar 2023 19:15 | – | nvd |
CVE-2023-27479 | 7 Mar 2023 19:15 | – | osv |
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection | 8 Mar 2023 17:18 | – | osv |
[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": ">= 6.3-milestone-2, < 13.10.11",
        "status": "affected"
      },
      {
        "version": ">= 14.0.0, < 14.4.7",
        "status": "affected"
      },
      {
        "version": ">= 14.5.0, < 14.10-rc-1",
        "status": "affected"
      }
    ]
  }
]