2 matches found
CVE-2023-27480
CVE-2023-27480 affects XWiki Platform via an XXE/XAR-import vulnerability in the xwiki-platform-xar-model. A user with document edit rights can import a forged XAR file (XAR package) and cause server-side disclosure of file contents (e.g., arbitrary files) due to an XML external entity processing...
CVE-2023-27480 Data leak through a XAR import XXE attack in xwiki-platform-xar-model
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...