Description
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the rights of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
Remediation
References