3 matches found
XWiki 2.3-milestone-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 RCE Vulnerability (GHSA-h6f5-8jj5-cxhr)
Xwiki is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-26475
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki...
CVE-2023-26475
Summary: CVE-2023-26475 affects the XWiki Platform. The vulnerability arises from the annotation displayer executing content outside a restricted context, allowing code execution with the author’s privileges when annotating a document. Impact: remote code execution with high risk; authenticated u...