7 matches found
CVE-2023-35166
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
GHSA-H7CW-44VP-JQ7H XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
Impact: It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. To reproduce: Add an object of type UIExtensionClass. Set "Extension Point ID" to org.xwiki.platform.help.tipsPanel. Set "Extension ID" to org.xwiki.platform.user.test needs to be...
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
Impact: It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. To reproduce: Add an object of type UIExtensionClass. Set "Extension Point ID" to org.xwiki.platform.help.tipsPanel. Set "Extension ID" to org.xwiki.platform.user.test needs to be...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...
CVE-2023-35166
CVE-2023-35166 affects XWiki Platform via the TipsPanel UI extension. An attacker could cause arbitrary wiki content execution by creating a UIExtensionClass object and configuring the tip UI extension, enabling code execution (notably via Groovy) when accessing Help.TipsPanel. Mitigation: patche...
CVE-2023-35166 Privilege escalation (PR) from account through TipsPanel
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...