CVE-2021-32620
published 2021-05-28


Priority: P3 50
CVSS 3.1: 8.8 (high), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.13% (62.4th percentile)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki that uses email verification for registration could re-activate themselves by using the activation link provided for their registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to work around the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with the object editor.

Affected

7 ranges

Vendor | Product        | Version range          | Fixed in
xwiki  | xwiki          | >= 11.6 < 11.10.13     | 11.10.13
xwiki  | xwiki          | >= 12.0 < 12.6.7       | 12.6.7
xwiki  | xwiki          | >= 12.10.3 < 13.0      | 13.0
xwiki  | xwiki          | >= 12.7 < 12.10.2      | 12.10.2
xwiki  | xwiki-platform | < 11.10.13             | 11.10.13
xwiki  | xwiki-platform |                        |
xwiki  | xwiki-platform |                        |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd    | v2.0    | 4.0   | MEDIUM   | AV:N/AC:L/Au:S/C:N/I:P/A:N