Description
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- xwiki / xwiki-platform>= 13.10, < 13.10.11 – >= 13.10, < 13.10.11
- xwiki / xwiki-platform>= 14.0, < 14.4.7 – >= 14.0, < 14.4.7
- xwiki / xwiki-platform>= 14.5, < 14.10 – >= 14.5, < 14.10