WEB APPLICATION VULNERABILITIES Standard & Premium

XWiki CVE-2023-26473 Vulnerability (CVE-2023-26473)

Description

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.

Remediation

References

Related Vulnerabilities

Microsoft SQL Server Other Vulnerability (CVE-2002-0721)

WordPress Plugin MyBookTable Bookstore by Author Media Unspecified Vulnerability (2.1.4)

OpenSSL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2018-5407)

Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13094)

Severity

Medium

Classification

CVE-2023-26473 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities