VYPR
Critical severity · NVD Advisory · Published Mar 2, 2023 · Updated Mar 5, 2025

XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

CVE-2023-26474

Description

XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 13.10, < 13.10.11 | 13.10.11 |
| org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) | >= 13.10, < 13.10.11 | 13.10.11 |
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 14.0, < 14.4.7 | 14.4.7 |
| org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) | >= 14.0, < 14.4.7 | 14.4.7 |
| org.xwiki.platform:xwiki-platform-oldcore (Maven) | >= 14.5, < 14.10 | 14.10 |
| org.xwiki.platform:xwiki-platform-legacy-oldcore (Maven) | >= 14.5, < 14.10 | 14.10 |
