2 matches found
CVE-2023-29510 Code injection via unescaped translations in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged...
CVE-2023-29510
CVE-2023-29510 is a code injection/remote execution vulnerability in XWiki Platform caused by unescaped user-scoped translations that can be injected in privileged contexts. The issue allows remote code execution for users with edit access on at least one document (potentially their own profile)....