2 matches found
CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
CVE-2023-26472
XWiki Platform (v6.2-milestone-1 and earlier) is vulnerable to privilege escalation via IconThemeSheet by creating a crafted icon theme, enabling execution of wiki content with IconThemeSheet author rights. The issue allows exploitation via new pages or user profiles by users without edit rights....