Description
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select queries and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
Remediation
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545
https://jira.xwiki.org/browse/XWIKI-19523