3 matches found
CVE-2023-46243 Code execution via the edit action in XWiki platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. A crafted URL of the form...
CVE-2023-46243 Code execution via the edit action in XWiki platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. A crafted URL of the form...
CVE-2023-46243
XWiki Platform contains a remote code execution vulnerability (CVE-2023-46243) where a user with edit rights on a document can trigger Groovy code execution via a crafted edit URL (e.g., /xwiki/bin/edit//?content={{groovy}}println("Hello"){{/groovy}}&xpage=view). Root cause: the edit action write...