Description

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.

Remediation

References

CVE-2023-29507

Related Vulnerabilities

MySQL CVE-2017-10384 Vulnerability (CVE-2017-10384)

WordPress Plugin Integration of Moneybird for WooCommerce Cross-Site Scripting (2.1.1)

WebLogic CVE-2022-21259 Vulnerability (CVE-2022-21259)

WordPress Plugin 3DPrint Cross-Site Request Forgery (3.5.4.7)

Joomla Improper Privilege Management Vulnerability (CVE-2012-1563)

Severity

High

Classification

CVE-2023-29507 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities