2 matches found
CVE-2023-29516
CVE-2023-29516 – XWiki Platform vulnerability where any user with view rights on the XWiki.AttachmentSelector can execute arbitrary Groovy, Python or Velocity code, granting full access to the installation. Root cause: improper escaping in the ancel and return to pageutton. Affected versions pa...
CVE-2023-29516 Code injection from view right on XWiki.AttachmentSelector in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on XWiki.AttachmentSelector can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is imprope...