Lucene search

GoogleOSV:CVE-2023-26474

HistoryMar 02, 2023 - 7:15 p.m.

CVE-2023-26474

2023-03-0219:15:11

Google

osv.dev

xwiki platform

execution

text area

patch

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

XWiki Platform is a generic wiki platform. Starting in version 13.10, it’s possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.

References

github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r

jira.xwiki.org/browse/XWIKI-20373

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for OSV:CVE-2023-26474