Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XWiki programming rights may be inherited by inclusion
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
XWiki Platform 安全漏洞
Vulnerability Description
XWiki Platform是XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 15.0-rc-1之前版本存在安全漏洞,该漏洞源于编程权限可能通过包含来继承,这可能会导致安全问题。
CVSS Information
N/A
Vulnerability Type
N/A