VYPR
High severityNVD Advisory· Published Mar 2, 2023· Updated Mar 5, 2025

Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor

CVE-2023-26476

Description

XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on LiveTableResults and WikisLiveTableResultsMacros.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-livetable-uiMaven
>= 3.2-m3, < 13.4.413.4.4
org.xwiki.platform:xwiki-platform-wiki-ui-mainwikiMaven
>= 3.2-m3, < 13.4.413.4.4
org.xwiki.platform:xwiki-platform-livetable-uiMaven
>= 13.5.0, < 13.10.913.10.9
org.xwiki.platform:xwiki-platform-wiki-ui-mainwikiMaven
>= 13.5.0, < 13.10.913.10.9
org.xwiki.platform:xwiki-platform-livetable-uiMaven
>= 14.0.0, < 14.7-rc-114.7-rc-1
org.xwiki.platform:xwiki-platform-wiki-ui-mainwikiMaven
>= 14.0.0, < 14.7-rc-114.7-rc-1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.