Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-29516
HistoryApr 19, 2023 - 12:15 a.m.

Design/Logic Flaw

2023-04-1900:15:00
PRIOn knowledge base
www.prio-n.com
4
xwiki platform
arbitrary code execution
xwiki 15.0-rc-1
14.10.1
14.4.8
13.10.11
security vulnerability

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on XWiki.AttachmentSelector can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the “Cancel and return to page” button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.

Related

osv 2
nvd 1
openvas 1
cve 1
cvelist 1
github 1
osv
osv
CVE-2023-29516
2023-04-19 00:15:08
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
2023-04-20 22:00:14
nvd
nvd
CVE-2023-29516
2023-04-19 00:15:08
openvas
openvas
XWiki 2.0-rc-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 Privilege Escalation Vulnerability (GHSA-3989-4c6x-725f)
2023-07-26 00:00:00
cve
cve
CVE-2023-29516
2023-04-19 00:15:08
cvelist
cvelist
CVE-2023-29516 Code injection from view right on XWiki.AttachmentSelector in xwiki-platform
2023-04-18 23:51:58
github
github
XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
2023-04-20 22:00:14

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.0%

JSON
Related for PRION:CVE-2023-29516
osv2nvd1openvas1cve1cvelist1github1