Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.7
CVSSv3

CVE-2023-27480

Published: 07/03/2023 Updated: 14/03/2023
CVSS v3 Base Score: 7.7 | Impact Score: 4 | Exploitability Score: 3.1
VMScore: 0
Subscribe to Xwiki

Vulnerability Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xwiki xwiki

xwiki xwiki 1.1

References

CWE-611https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434https://jira.xwiki.org/browse/XWIKI-20320https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6vhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook