3 matches found
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
CVE-2023-36469
CVE-2023-36469 affects XWiki Platform. The vulnerability allows any user who can edit their own profile and notification settings to execute arbitrary script macros (Groovy/Python), enabling remote code execution with full read/write access to wiki content. The root cause is in the NotificationRS...