CVE-2023-30537
CVSS v3.1
8.8 (High)
EPSS
0.18 % (56th)
Affected Products
1
Advisories
1
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties FlamingoThemesCode.WebHome
. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2023-04-16 08:15:07
(17 months ago) - Updated Date
-
2023-04-26 20:07:04
(17 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...