Description
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it.
Remediation
References
Related Vulnerabilities
WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability (0.6.2 - 3.0.3)
OpenSSL Numeric Errors Vulnerability (CVE-2012-2131)
Python Uncontrolled Search Path Element Vulnerability (CVE-2017-20052)
WordPress Plugin User Access Manager Cross-Site Scripting (1.2.14)
Oracle Database Server CVE-2014-6560 Vulnerability (CVE-2014-6560)