3 matches found
CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...
CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...
CVE-2023-37909
CVE-2023-37909 affects XWiki Platform: versions 5.1-rc-1 up to but not including 14.10.8 and 15.3-rc-1 allow any user who can edit their own profile to execute arbitrary script macros (Groovy/Python), enabling remote code execution with full read/write access to wiki content. Root cause is improp...