GHSA-VGWR-23FQ-PR7G XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

PT-2026-43465

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 16.10.17 XWiki versions prior to 17.4.9 XWiki versions prior to 17.10.3 XWiki versions prior to 18.0.0RC1 Description A path traversal issue allows an attacker to write arbitrary files, which could lead to overriding...