2 matches found
CVE-2023-29524
The CVE affects XWiki Platform. A groovy script can be injected via the SchedulerJobSheet when a user without scripting rights edits their profile and adds a XWiki.SchedulerJobClass, causing server-side code execution on view. The issue has been patched in XWiki 14.10.3 and 15.0 RC1; upgrading is...
CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...