Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Users with SCRIPT rights can execute arbitrary code in XWiki
Vulnerability Description
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
XWiki 代码注入漏洞
Vulnerability Description
XWiki labs CryptPad是XWiki(Xwiki)实验室的一款编辑器。 XWiki 11.10.5和12.2.1版本中存在代码注入漏洞。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A