3 matches found
CVE-2023-29519
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...
CVE-2023-29519
CVE-2023-29519 affects XWiki Platform. A registered user can achieve remote code execution and privilege escalation by injecting code into the "property" field of an AttachmentSelector gadget on their dashboard. The vulnerability does not affect wiki comments. It has been patched in XWiki version...
CVE-2023-29519 Code injection in org.xwiki.platform:xwiki-platform-attachment-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...