VYPR
High severityNVD Advisory· Published Jun 20, 2023· Updated Dec 6, 2024

Privilege escalation (PR) from account through TipsPanel

CVE-2023-35166

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-help-uiMaven
>= 8.1-milestone-1, < 14.10.514.10.5
org.xwiki.platform:xwiki-platform-help-uiMaven
>= 15.0-rc-1, < 15.1-rc-115.1-rc-1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.