CVE-2023-35166

Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 8.1-milestone-1, < 14.10.5affected
xwikixwiki-platform>= 15.0-rc-1, < 15.1-rc-1affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References