Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with edit rights on a document can trigger an XAR import on a forged XAR file, which makes it possible to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.