CVE-2023-26477

Published: 02/03/2023 | Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.

Vulnerable Product

xwiki xwiki

Vendor Advisories

Check Point Reference: CPAI-2023-1605 | Date Published: 28 Mar 2024 | Severity: Critical ...

Github Repositories

Ethical hacking, made easy.

A minimalistic Python framework for fast and centralized ethical hacking.

Endorsements

"Really cool tool sets for specific tasks or combinations together :) great work!" - todayisnew

"Kitsec impressed me. It's user-friendly and centralized, making it fast and efficient. It offers a wide range of capabilities, including OWASP Top 10 coverage, fuzzing,