Описание
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load.
Ссылки
- ExploitVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
- ExploitVendor Advisory
- ExploitIssue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 13.10.11 (исключая)Версия от 14.0 (включая) до 14.4.8 (исключая)Версия от 14.5 (включая) до 14.10.1 (исключая)
Одно из
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-248
CWE-755
Связанные уязвимости
CVSS3: 4.3
github
почти 3 года назад
XWiki Platform vulnerable to page render failure due to broken translations
EPSS
Процентиль: 44%
0.00213
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-248
CWE-755