CVE-2024-43401

CVSS v3.1 8 (High)
EPSS 0.10 % (42nd)
Affected Products 1
Advisories 1
NVD Status Analyzed

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming rights can trick a user with elevated rights into editing content that contains a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are about to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

Weaknesses
CWE-269
Improper Privilege Management
CWE-862
Missing Authorization
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
GitHub, Inc.
Published Date
2024-08-19 17:15:09
(4 weeks ago)
Updated Date
2024-08-20 16:09:23
(4 weeks ago)

Affected Products


Configuration #1

    Product                        CPE23                  From  Up To
    Xwiki 15.9 and prior versions  cpe:2.3:a:xwiki:xwiki  -     <= 15.9