漏洞标题
XWiki 平台在注释中存在远程代码执行的漏洞
漏洞描述信息
XWiki Platform在注解中存在远程代码执行漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
XWiki Platform vulnerable to Remote Code Execution in Annotations
漏洞描述信息
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
漏洞类别
特权上下文切换错误
漏洞标题
XWiki Platform 安全漏洞
漏洞描述信息
XWiki Platform是法国XWiki公司的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞,该漏洞源于允许通过注释文档以任何文档作者的权限执行任何操作。
CVSS信息
N/A
漏洞类别
其他