2 matches found
CVE-2023-29523
CVE-2023-29523 – XWiki Platform code injection via display method : Affects XWiki Platform where any user who can edit their own profile can run arbitrary script macros (Groovy/Python), enabling remote code execution and unrestricted read/write of wiki content. The vulnerability can also occur wh...
CVE-2023-29523 Code injection in display method used in user profiles in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...