2 matches found
CVE-2021-21380 Rating Script Service expose XWiki to SQL injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform and only those with the Ratings API installed, the Rating Script Service expose an API to perform SQL requests without escaping the from and where search...
CVE-2021-21380
CVE-2021-21380 affects XWiki Platform when the Ratings API is installed. The Rating Script Service exposes an API to perform SQL requests without escaping the from and where arguments, enabling SQL injection by any user with Script rights. The issue is fixed in XWiki 12.9RC1. A workaround is to u...