Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40572

Published: 24/08/2023 Updated: 01/09/2023
CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1
VMScore: 0
Subscribe to Xwiki

Vulnerability Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xwiki xwiki 15.0

xwiki xwiki 15.1

xwiki xwiki

xwiki xwiki 15.2

xwiki xwiki 15.3

References

CWE-352https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7https://jira.xwiki.org/browse/XWIKI-20849https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6mhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook