2 matches found
CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter URL parameter, in combination with additional parameters. This has been...
CVE-2023-26477
Summary (mode C): XWiki Platform’s Flamingo theme UI is affected by an eval/command injection vulnerability that can be triggered through the newThemeName URL parameter when combined with other parameters. The issue allows injection of arbitrary wiki syntax, including Groovy, Python and Velocity ...