XWiki Platform privilege escalation from script right to programming right through title displayer

Impact In XWiki Platform, it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. To reproduce: As a user with script but not programming right, create a document with the following content: velocity set$main =...

GHSA-RMXW-C48H-2VF5 XWiki Platform privilege escalation from script right to programming right through title displayer

Impact In XWiki Platform, it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. To reproduce: As a user with script but not programming right, create a document with the following content: velocity set$main =...

CVE-2023-46244

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programmin...

CVE-2023-46244

CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...