Description

XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.

Remediation

References

CVE-2023-29506

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-28335)

WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)

WordPress Plugin Audio Record Arbitrary File Upload (1.0)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)

Severity

Medium

Classification

CVE-2023-29506 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities