Lucene search

CVE-2023-26473

🗓️ 02 Mar 2023 19:11:15Reported by [email protected]Type

XWiki Platform allows arbitrary database select by users with edit rights, fixed in versions 13.10.11, 14.4.7, 14.1

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2023-26473	2 Mar 202319:15	–	osv
OSV	GHSA-VPX4-7RFP-H545 Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm	3 Mar 202322:46	–	osv
Prion	Design/Logic Flaw	2 Mar 202319:15	–	prion
Cvelist	CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm	2 Mar 202318:17	–	cvelist
CVE	CVE-2023-26473	2 Mar 202319:15	–	cve
OpenVAS	XWiki 1.3-rc-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Improper Access Control Vulnerability (GHSA-vpx4-7rfp-h545)	6 Mar 202300:00	–	openvas
Vulnrichment	CVE-2023-26473 XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm	2 Mar 202318:17	–	vulnrichment
Github Security Blog	Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm	3 Mar 202322:46	–	github

Nvd

Node

xwiki xwikiRange1.3–13.10.11

xwiki xwikiRange14.0–14.4.7

xwiki xwikiRange14.5–14.10

xwiki xwikiMatch1.3rc1

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-19523
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Mar 2023 19:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS36.5

EPSS0.00119

CWE-284