4 matches found
XWiki 4.5.1 < 15.10.13, 16.0.0-rc-1 < 16.4.4, 16.5.0-rc-1 < 16.8.0 Incorrect Authorization Vulnerability (GHSA-987p-r3jc-8c8v)
XWiki is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2025-32971
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-30 17:55:14+00:00 | seen | https://t.me/cvedetector/24113... |
CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...
CVE-2025-32971
CVE-2025-32971 affects XWiki where the Solr script service can be invoked via the scripting API without properly accounting for dropped programming rights. The root cause is using an incorrect API to verify rights, so a user with script rights could bypass protections after calling $xcontext.drop...