XWiki Incorrect Authorization Vulnerability (CVE-2023-50732)

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.

Remediation

References

CVE-2023-50732

Related Vulnerabilities

Apache Tomcat version older than 6.0.6

PmWiki Other Vulnerability (CVE-2006-4453)

MySQL Configuration Vulnerability (CVE-2012-5613)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

Python Numeric Errors Vulnerability (CVE-2008-2316)

Severity

Medium

Classification

CVE-2023-50732 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L