Количество 2
Количество 2
CVE-2023-26475
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.
GHSA-h6f5-8jj5-cxhr
xwiki-platform vulnerable to Remote Code Execution in Annotations
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-26475 XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. | CVSS3: 9.9 | 24% Средний | почти 3 года назад |
| GHSA-h6f5-8jj5-cxhr xwiki-platform vulnerable to Remote Code Execution in Annotations | CVSS3: 9.9 | 24% Средний | почти 3 года назад |
Уязвимостей на страницу