Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XWiki 权限许可和访问控制漏洞
Vulnerability Description
XWiki中的PreviewAction不设置最后修改文件的用户字段,使不具编写代码权限的远程验证用户通过选择一个具有代码编写权的作者的文件并修改该文件以包含一个脚本,可以不需要对文件进行存盘操作就直接预览该文件并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A