CVE-2023-26055

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.
References
Link Resource
https://jira.xwiki.org/browse/XWIKI-19793 Exploit Issue Tracking Patch Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-19794 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-8cw6-4r32-6r3h Exploit Vendor Advisory
https://jira.xwiki.org/browse/XCOMMONS-2498 Issue Tracking Patch Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:xwiki:commons:3.1:milestone1:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:3.1:milestone2:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:14.4:rc1:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:commons:*:*:*:*:*:*:*:*

Information

Published : 2023-03-02 11:15

Updated : 2023-03-13 08:59


NVD link : CVE-2023-26055

Mitre link : CVE-2023-26055


JSON object : View

Advertisement

dedicated server usa

Products Affected

xwiki

  • commons