3 matches found
CVE-2021-21379
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the wikimacrocontent executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inje...
XWiki >= 11.4-rc-1, < 11.10.1, 12.x < 12.6.3, 12.7.x Privilege Escalation Vulnerability
XWiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-21379
XWiki Platform is affected by a vulnerability where the {{wikimacrocontent}} macro executes content with the rights of the macro author rather than the caller, enabling potential script injection. Affected versions are patched in XWiki 12.6.3, 11.10.11, and 12.8-rc-1. There is no easy workaround ...