High severity · NVD Advisory · Published Jun 20, 2023 · Updated Dec 6, 2024
Privilege escalation (PR) from account through TipsPanel
CVE-2023-35166
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-help-ui (Maven) | >= 8.1-milestone-1, < 14.10.5 | 14.10.5 |
| org.xwiki.platform:xwiki-platform-help-ui (Maven) | >= 15.0-rc-1, < 15.1-rc-1 | 15.1-rc-1 |
Affected products
- Range: >= 8.1-milestone-1, < 14.10.5
References
- github.com/advisories/GHSA-h7cw-44vp-jq7h (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-35166 (ghsa, ADVISORY)
- github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263 (ghsa, x_refsource_MISC, WEB)
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h (ghsa, x_refsource_CONFIRM, WEB)
- jira.xwiki.org/browse/XWIKI-20281 (ghsa, x_refsource_MISC, WEB)