4 matches found
CVE-2023-29214
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the...
CVE-2023-29214 org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the...
CVE-2023-29214
CVE-2023-29214 concerns XWiki Commons and specifically the panel UI eval injection vulnerability in org.xwiki.platform:xwiki-platform-panels-ui. The root cause is improper escaping in IncludedDocuments, allowing any user with edit rights to execute arbitrary Groovy, Python, or Velocity code, yiel...
PT-2023-22209 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.4.7; XWiki versions prior to 14.10. Description: Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...