CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

Privilege escalation

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

CVE-2023-40177

CVE-2023-40177 affects XWiki Platform: a vulnerability where any registered user can use the user profile content field to execute arbitrary scripts with programming rights, effectively escalating privileges. Root cause: AppWithinMinutes.Content displayer executes content with the rights of the A...

CVE-2023-40177 XWiki Platform privilege escalation (PR) from account through AWM content fields

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...