Description
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Review Multiple Unspecified Vulnerabilities (2.0)
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2021-43948)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.30)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-26699)