CRITICAL🇬🇧 English

CVE-2023-26055

CVSS 9.9v3.1pub. 2023-03-02upd. 2024-11-21

XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Xwiki Commons

    APP
    Xwiki
    14.43.13.1.13.2 – 13.10.9 (bez)14.4 – 14.4.4 (bez)14.5 – 14.7 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-36471CRITICAL9.0ten sam produkt

Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is include...

CVE-2023-29528CRITICAL9.0ten sam produkt

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode ...

CVE-2022-24898MEDIUM4.9ten sam produkt

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in ver...

CVE-2025-24893CRITICAL9.8⚠ KEVPL ✓ten sam vendor

XWiki Platform — niezautoryzowany RCE przez endpoint SolrSearch

CVE-2025-65091CRITICAL10.0PL ✓ten sam vendor

SQL Injection w XWiki Full Calendar Macro — dostęp bez uwierzytelnienia