CVE-2024-41947

CVSS v3.1 5.4 (Medium)
EPSS 0.17 % (54th)
Affected Products 1
Advisories 1
NVD Status Analyzed

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
GitHub, Inc.
Published Date
2024-07-31 16:15:04
(7 weeks ago)
Updated Date
2024-09-06 20:46:01
(12 days ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| XWiki from version 11.8 and prior to version 15.10.8 | cpe:2.3:a:xwiki:xwiki | >= 11.8 | < 15.10.8 |
| XWiki from version 16.0 and prior to version 16.3.0 | cpe:2.3:a:xwiki:xwiki | >= 16.0 | < 16.3.0 |