Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

Remediation

References

CVE-2024-43401

Related Vulnerabilities

WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)

WordPress Plugin Form for WordPress-Zoho Forms Cross-Site Scripting (3.0)

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.27)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9709)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)

Severity

High

Classification

CVE-2024-43401 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities