Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

特权API的不正确使用

XWiki Platform 安全漏洞

Xwiki Platform是法国Xwiki公司的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞，该漏洞源于简单的用户可以在没有特定权限的情况下创建全局 SSX/JSX：理论上应该只允许具有编程权限的用户创建在 wiki 上随处执行的 SSX 或 JSX。但是一个错误允许任何具有编辑权限的人实际创建这些。

N/A

N/A