Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a rights check: a user can roll back to a previous version of the page to gain rights they no longer have. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.
Remediation
References