Description

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.

Remediation

References

CVE-2020-11057

Related Vulnerabilities

Oracle Database Server Other Vulnerability (CVE-2007-3856)

phpMyAdmin Other Vulnerability (CVE-2007-2245)

WordPress Plugin Nmedia MailChimp Widget 'abs_path' Parameter Remote File Include (3.1)

OpenSSL Improper Input Validation Vulnerability (CVE-2010-0740)

WordPress Plugin WooCommerce-Store Exporter Privilege Escalation (1.8.3)

Severity

High

Classification

CVE-2020-11057 CWE-94 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities