XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.
History

Fri, 29 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T16:26:55.213Z

Updated: 2024-11-29T14:35:16.356Z

Reserved: 2023-06-14T14:17:52.177Z

Link: CVE-2023-35150

cve-icon Vulnrichment

Updated: 2024-08-02T16:23:59.330Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T17:15:09.380

Modified: 2024-11-21T08:08:02.300

Link: CVE-2023-35150

cve-icon Redhat

No data.