Exploit Report

Computer Security And Bug Information

CVE-2023-26475

CVE: CVE-2023-26475
CVE Title
Published Date: 2023-03-02T19:15Z
Modified Date: 2023-03-02T20:11Z
Description: XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.
References
  • MISC: https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7
  • MISC: https://jira.xwiki.org/browse/XWIKI-20360
  • MISC: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr
  • MISC: https://jira.xwiki.org/browse/XWIKI-20384
Sources: NIST, MITRE
Note
  • No CVSS data for this CVE
