漏洞标题
XWiki平台容易通过邀请应用程序导致权限提升(PR)。
漏洞描述信息
XWiki Platform受到通过邀请应用程序从查看权限提升权限(PR)的漏洞影响
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
对生成代码的控制不恰当(代码注入)
漏洞标题
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
漏洞描述信息
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
漏洞类别
动态执行代码中指令转义处理不恰当(Eval注入)
漏洞标题
XWiki Platform 代码注入漏洞
漏洞描述信息
XWiki Platform是法国XWiki基金会的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 2.4-m-2及之前版本存在安全漏洞,该漏洞源于允许对文档具有查看权限的用户使用编程权限执行代码。
CVSS信息
N/A
漏洞类别
代码注入