3 matches found
CVE-2023-30537
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...
CVE-2023-30537 org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...
CVE-2023-30537
CVE-2023-30537 affects XWiki Platform (Flamingo Theme UI). A user with rights to add an object on a page can execute arbitrary Groovy, Python or Velocity code via FlamingoThemesCode.WebHome, due to improper escaping, granting full access to the XWiki installation. The root cause is improper escap...