Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XWiki Platform privilege escalation (PR)/RCE from account through class sheet
Vulnerability Description
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
XWiki Platform 安全漏洞
Vulnerability Description
XWiki Platform是法国XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 3.3-milestone-2、14.10.4 之前版本和 15.0-rc-1 之前版本存在安全漏洞,该漏洞源于用户可以使用 XWiki.ClassSheet 文档的作者的权限执行任何操作。
CVSS Information
N/A
Vulnerability Type
N/A