VYPR
Moderate severity · NVD Advisory · Published Sep 14, 2007 · Updated Apr 23, 2026

CVE-2006-7223

Description

PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
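The description above is a confused-deputy bug: the preview renders an unsaved revision, but the revision still carries the stored Author, so any script the previewer injects runs with the rights of the last saver instead of the previewer. The following Python model is an added illustration, not code from XWiki or from this advisory; the user names, the PROGRAMMING_RIGHTS set, the SCRIPT_MARKER string and the Document fields are constructed stand-ins for the real XWiki objects, and the script marker does not model XWiki's actual syntax. It runs the attack against the vulnerable behaviour and against the behaviour the fix introduces (author set to the current user, creator set only for a new document).

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed: users who hold programming rights in this toy wiki.
PROGRAMMING_RIGHTS = {"XWiki.Admin"}

# Constructed: a marker standing in for whatever the wiki treats as
# executable content. The real XWiki script syntax is not modelled here.
SCRIPT_MARKER = "{{script}}"


@dataclass
class Document:
    """Minimal stand-in for an XWiki document: only the fields the bug touches."""
    name: str
    content: str
    author: Optional[str]   # last user who modified the document
    creator: Optional[str]  # user who created the document

    def is_new(self) -> bool:
        # Mirrors doc2.isNew(): a document that nobody has ever saved.
        return self.creator is None


def has_programming_rights(user: Optional[str]) -> bool:
    return user is not None and user in PROGRAMMING_RIGHTS


def read_from_form(stored: Document, form_content: str) -> Document:
    """Mirrors doc2.readFromForm(): clone the stored document and overwrite
    its content with what the browser submitted. Before the fix this is all
    the preview did, so the clone keeps the stored author."""
    return replace(stored, content=form_content)


def preview(stored: Document, form_content: str, current_user: str, patched: bool) -> dict:
    """Model of the preview action for one document.

    Returns which identity the unsaved revision is attributed to and whether
    a script in the submitted content would execute under that identity's rights.
    """
    doc2 = read_from_form(stored, form_content)
    if patched:
        # The behaviour of the fix: attribute the unsaved revision to the user
        # actually submitting it, not to whoever saved the document last.
        doc2.author = current_user
        if doc2.is_new():
            doc2.creator = current_user
    # A script in a document runs with the rights of the document's author.
    script_runs = SCRIPT_MARKER in doc2.content and has_programming_rights(doc2.author)
    return {"author": doc2.author, "creator": doc2.creator, "script_runs": script_runs}


def demo() -> dict:
    """Replays the advisory's attack against the vulnerable and the fixed model."""
    # Constructed: a page last saved by a user with programming rights.
    admin_page = Document("Main.WebHome", "Welcome", author="XWiki.Admin", creator="XWiki.Admin")
    attacker = "XWiki.Mallory"  # authenticated, no programming rights
    payload = SCRIPT_MARKER + " attacker-controlled script body"
    return {
        "vulnerable": preview(admin_page, payload, attacker, patched=False),
        "fixed": preview(admin_page, payload, attacker, patched=True),
        # A brand-new page: the fix also stamps the previewer as creator.
        "fixed_new_page": preview(Document("Sandbox.Scratch", "", None, None), payload, attacker, patched=True),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:15s} author={str(result['author']):<14s} script_runs={result['script_runs']}")
```

The vulnerable run attributes Mallory's unsaved revision to XWiki.Admin and lets the script execute; the fixed run attributes it to Mallory, whose lack of programming rights blocks the script, while the stored creator of an existing page is left untouched.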

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Ecosystem | Affected versions | Patched versions
org.xwiki.platform:xwiki-platform-oldcore | Maven | >= 0.9.543, < 1.0B1 | 1.0B1

Affected products

5 CPE entries for xwiki / xwiki:
  • cpe:2.3:a:xwiki:xwiki:0.9.543:*:*:*:*:*:*:*
  • cpe:2.3:a:xwiki:xwiki:0.9.790:*:*:*:*:*:*:*
  • cpe:2.3:a:xwiki:xwiki:0.9.793:*:*:*:*:*:*:*
  • cpe:2.3:a:xwiki:xwiki:0.9.840:*:*:*:*:*:*:*
  • cpe:2.3:a:xwiki:xwiki:0.9.1252:*:*:*:*:*:*:*

Patches

1 commit · c44172a3556d

PreviewAction bugfix

https://github.com/xwiki/xwiki-platform · marta · Oct 11, 2006 · via ghsa
1 file changed · +9 −1
  • src/main/java/com/xpn/xwiki/web/PreviewAction.java · +9 −1 · modified
    @@ -95,6 +95,10 @@ public String render(XWikiContext context) throws XWikiException {
     				vcontext.put("cdoc", vcontext.get("doc"));
     				doc2.readFromTemplate(((EditForm) form).getTemplate(), context);
     				doc2.readFromForm((EditForm) form, context);
    +                doc2.setAuthor(context.getUser());
    +                if(doc2.isNew()){
    +                    doc2.setCreator(context.getUser());
    +                }
     			} else {
     				// Need to save parent and defaultLanguage if they have changed
     				tdoc = doc.getTranslatedDocument(language, context);
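Review bot: the author assignment only closes the hole if the programming-rights check during preview rendering reads `doc2`, not the original `doc` that is placed into the velocity context as `cdoc` just above (`vcontext.put("cdoc", vcontext.get("doc"))`); the hunk does not show where `doc2` is handed to the renderer, so please confirm the preview renders and authorizes scripts against `doc2`. The `isNew()` guard also deserves a line in the commit message: an existing page keeps its stored creator while its author becomes the previewing user, which is the intended distinction, but "PreviewAction bugfix" does not say so.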
    @@ -106,8 +110,12 @@ public String render(XWikiContext context) throws XWikiException {
     				vcontext.put("cdoc", vcontext.get("tdoc"));
     				tdoc2.readFromTemplate(((EditForm) form).getTemplate(), context);
     				tdoc2.readFromForm((EditForm) form, context);
    +                tdoc2.setAuthor(context.getUser());
    +                if(tdoc2.isNew()){
    +                    tdoc2.setCreator(context.getUser());
    +                }
     			}
    -            // recomfirm edit (captcha) when jcaptcha is not correct
    +            // reconfirm edit (captcha) when jcaptcha is not correct
                 if ((context.get("recheckcaptcha") != null) && ((Boolean)context.get("recheckcaptcha")).booleanValue())
                     return "captcha";
                 else return "preview";
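Review bot: the four added lines repeat the `doc2` block from the non-translated branch verbatim; moving the author/creator stamping into one helper applied to whichever of `doc2`/`tdoc2` was read from the form would keep the two branches from drifting the next time the preview rights logic changes. The added lines are also indented with spaces while the surrounding lines use tabs, and the `recomfirm` → `reconfirm` comment fix is unrelated to the security change and would be cleaner as a separate commit.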
    
