Description
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute Python/Groovy scripts while editing personal dashboards. This has been fixed in 11.3.7, 11.10.3 and 12.0.
Remediation
References