VYPR
High severityNVD Advisory· Published Mar 2, 2023· Updated Mar 5, 2025

XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

CVE-2023-26480

Description

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-livedata-macroMaven
>= 12.10, < 13.10.1013.10.10
org.xwiki.platform:xwiki-platform-livedata-macroMaven
>= 14.0, < 14.4.714.4.7
org.xwiki.platform:xwiki-platform-livedata-macroMaven
>= 14.5, < 14.914.9

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.