Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, so a user can roll back to a previous version of the page to gain rights they no longer have. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that rights are checked before the rollback is performed.
Remediation
References