exploitDog

CVE-2020-13654

Опубликовано: 31 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

XWiki Platform before 12.8 mishandles escaping in the property displayer.

Ссылки

https://cve.nstsec.com/cve-2020-13654
https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8
Third Party Advisory
https://github.com/xwiki/xwiki-platform/pull/1315
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-17374
Issue Tracking
Permissions Required
Third Party Advisory
https://cve.nstsec.com/cve-2020-13654
https://github.com/xwiki/xwiki-platform/compare/xwiki-platform-12.7.1...xwiki-platform-12.8
Third Party Advisory
https://github.com/xwiki/xwiki-platform/pull/1315
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-17374
Issue Tracking
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия до 12.8 (исключая)

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-116

CWE-116

Связанные уязвимости

GHSA-p93c-h8qm-7256

CVSS3: 7.5

github

почти 4 года назад

Improper escaping in XWiki Platform

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-116

CWE-116