VYPR
Critical severity · NVD Advisory · Published Mar 2, 2023 · Updated Mar 5, 2025

XWiki Platform vulnerable to Remote Code Execution in Annotations

CVE-2023-26475

Description

XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the rights of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.xwiki.platform:xwiki-platform-annotation-ui (Maven) | >= 2.3-milestone-1, < 13.10.11 | 13.10.11
org.xwiki.platform:xwiki-platform-annotation-ui (Maven) | >= 14.0-rc-1, < 14.4.7 | 14.4.7
org.xwiki.platform:xwiki-platform-annotation-ui (Maven) | >= 14.5, < 14.10 | 14.10
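
A check of an installed version against the affected ranges above, as an added example that is not part of the advisory or of XWiki's code. The function names are hypothetical, and the qualifier ordering is a simplified approximation of Maven version ordering that assumes only the milestone, rc and SNAPSHOT qualifiers occur.

```python
import re

# Pre-release qualifiers sort before the plain release (simplified Maven ordering).
_QUALIFIER_RANK = {"milestone": 0, "rc": 1, "snapshot": 2, "": 3}

# (first affected version, first patched version) pairs from the advisory table.
AFFECTED_RANGES = [
    ("2.3-milestone-1", "13.10.11"),
    ("14.0-rc-1", "14.4.7"),
    ("14.5", "14.10"),
]

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(?:-(\d+))?)?")


def parse_version(text):
    """Turn a string such as '14.0-rc-1' into a sortable key."""
    match = _VERSION_RE.fullmatch(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(part) for part in match.group(1).split(".")]
    numbers += [0] * (3 - len(numbers))  # '14.10' compares equal to '14.10.0'
    qualifier = (match.group(2) or "").lower()
    if qualifier not in _QUALIFIER_RANK:
        raise ValueError(f"unsupported qualifier in {text!r}")
    return (tuple(numbers), _QUALIFIER_RANK[qualifier], int(match.group(3) or 0))


def patched_release_for(version):
    """Return the fixed release to upgrade to, or None if the version is outside every affected range."""
    key = parse_version(version)
    for first_affected, first_patched in AFFECTED_RANGES:
        # Ranges are half-open: first affected inclusive, patched release exclusive.
        if parse_version(first_affected) <= key < parse_version(first_patched):
            return first_patched
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for installed in ["13.10.10", "14.4.7", "14.9", "14.10-rc-1", "14.10"]:
        fix = patched_release_for(installed)
        print(installed, "-> upgrade to " + fix if fix else "-> not in an affected range")
```

Pre-releases of a patched version, such as 14.10-rc-1, are reported as affected here because they sort below the release that the advisory names as patched.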
