Description
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.9.12)
Oracle JRE CVE-2014-0461 Vulnerability (CVE-2014-0461)
MySQL CVE-2023-22038 Vulnerability (CVE-2023-22038)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2335)
WebLogic Improper Input Validation Vulnerability (CVE-2017-15707)