Description
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
Remediation
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545
https://jira.xwiki.org/browse/XWIKI-19523
Related Vulnerabilities
CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-dom
CVE-2020-13410 Vulnerability in npm package aedes
CVE-2023-45279 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2020-15362 Vulnerability in npm package wifiscanner
CVE-2020-7637 Vulnerability in maven package org.webjars.npm:class-transformer