Lucene search

CVE-2023-50721

🗓️ 15 Dec 2023 19:09:15Reported by GitHub_MType

XWiki Platform allows injection of XWiki syntax and script macros, leading to remote code execution in versions before 14.10.15, 15.5.2, and 15.7-rc-1

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
OSV	GHSA-7654-VFH6-RW6X Remote code execution from account through SearchAdmin	16 Dec 202300:35	–	osv
OSV	CVE-2023-50721	15 Dec 202319:15	–	osv
NVD	CVE-2023-50721	15 Dec 202319:15	–	nvd
Cvelist	CVE-2023-50721 XWiki Platform RCE from account through SearchAdmin	15 Dec 202319:02	–	cvelist
Github Security Blog	Remote code execution from account through SearchAdmin	16 Dec 202300:35	–	github
Prion	Remote code execution	15 Dec 202319:15	–	prion

Nvd

Vulners

Node

xwiki xwikiRange4.5–14.10.5

xwiki xwikiRange15.0–15.5.2

xwiki xwikiMatch15.6-

xwiki xwikiMatch15.6rc1

xwiki xwikiMatch15.7rc1

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": ">= 4.5-rc-1, < 14.10.15",
        "status": "affected"
      },
      {
        "version": ">= 15.0-rc-1, < 15.5.2",
        "status": "affected"
      },
      {
        "version": ">= 15.6-rc-1, < 15.7-rc-1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x
github	www.github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766
jira	www.jira.xwiki.org/browse/XWIKI-21200

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Dec 2023 19:15Current

9.6High risk

Vulners AI Score9.6

CVSS38.8 - 9.9

EPSS0.38441