Количество 2
Количество 2
CVE-2006-7223
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
GHSA-h5jm-jjgx-q2wf
XWiki Remote Code Execution
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2006-7223 PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | CVSS2: 6.5 | 0% Низкий | больше 18 лет назад |
| GHSA-h5jm-jjgx-q2wf XWiki Remote Code Execution | 0% Низкий | почти 4 года назад |
Уязвимостей на страницу