2 matches found
CVE-2023-36477
XWiki Platform (CKEditor integration) is affected by a persistent XSS vulnerability exploitable by any authenticated user with edit rights who can modify pages in the CKEditor space. The issue enables editing actions that can lead to loss of service and unauthorized modification of CKEditor confi...
CVE-2023-22457
Summary: CVE-2023-22457 affects the CKEditor Integration UI (org.xwiki.contrib:application-ckeditor-ui) used with XWiki. Prior to version 1.64.3, the CKEditor.HTMLConverter document lacked CSRF protection, enabling a privileged user with programming rights to trigger a GET request that could exec...