Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

Remediation

References

CVE-2023-29506

Related Vulnerabilities

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6003)

Oracle Application Server CVE-2007-5519 Vulnerability (CVE-2007-5519)

OpenSSL Improper Input Validation Vulnerability (CVE-2008-5077)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1830)

MySQL CVE-2013-1506 Vulnerability (CVE-2013-1506)

Severity

Medium

Classification

CVE-2023-29506 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities