CVE-2023-30537

CVSS V2 None CVSS V3 None
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10.
Overview
  • CVE ID
  • CVE-2023-30537
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-16T08:15:07
  • Last Modified Date
  • 2023-04-26T20:07:04
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 12.6.6 13.10.11
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 14.0 14.4.7
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 14.5 14.10
History
Created Old Value New Value Data Type Notes
2023-04-17 04:49:20 Added to TrackCVE
2023-04-17 04:49:22 Weakness Enumeration new
2023-04-17 14:01:59 2023-04-17T13:12:43 CVE Modified Date updated
2023-04-17 14:01:59 Received Awaiting Analysis Vulnerability Status updated
2023-04-21 16:00:56 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-26 21:00:51 2023-04-26T20:07:04 CVE Modified Date updated
2023-04-26 21:00:51 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-26 21:00:58 Weakness Enumeration update
2023-04-26 21:01:01 CPE Information updated