3 matches found
CVE-2023-35166
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166
CVE-2023-35166 affects XWiki Platform via the TipsPanel UI extension. An attacker could cause arbitrary wiki content execution by creating a UIExtensionClass object and configuring the tip UI extension, enabling code execution (notably via groovy) when accessing Help.TipsPanel. Mitigation: patche...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...