Description

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.

Remediation

References

CVE-2023-29507

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)

WordPress Plugin WPGlobus-Multilingual Everything! Multiple Vulnerabilities (1.9.6)

WordPress User-Agent SQL Injection Vulnerability (1.5.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4544)

Severity

High

Classification

CVE-2023-29507 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities