VYPR
Moderate severityNVD Advisory· Published Mar 2, 2023· Updated Mar 5, 2025

XWiki Platform allows macro execution as any user without programming rights through the context macro

CVE-2023-26056

Description

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-rendering-macro-contextMaven
>= 3.0-milestone-1, < 13.10.1013.10.10
org.xwiki.platform:xwiki-platform-rendering-macro-contextMaven
>= 14.0-rc-1, < 14.4.514.4.5
org.xwiki.platform:xwiki-platform-rendering-macro-contextMaven
>= 14.5, < 14.8-rc-114.8-rc-1

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.