4 matches found
CVE-2022-41937
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...
CVE-2022-41937 Missing Authorization in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. A malicious person can by importing a prepared XAR file can exploit the exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...
CVE-2022-41937
XWiki Platform suffered a Missing Authorization vulnerability where any user with view access could modify pages by importing a crafted XAR package. The issue stems from improper privilege management and was fixed in XWiki 14.6RC1, 14.6, and 13.10.8. A workaround is to restrict the Filter.WebHome...