CVE-2023-26056
published 2023-03-02

Priority: P428, medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.56% (42.2th percentile)

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Affected

7 ranges
Vendor  Product         Version range        Fixed in
xwiki   xwiki
xwiki   xwiki           >= 14.0 < 14.4.5     14.4.5
xwiki   xwiki           >= 14.5 < 14.8       14.8
xwiki   xwiki           >= 3.1 < 13.10.10    13.10.10
xwiki   xwiki-platform
xwiki   xwiki-platform
xwiki   xwiki-platform