CVE-2023-35166

high

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h

https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178

Details

Source: Mitre, NVD

Published: 2023-06-20

Updated: 2023-06-28

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H