Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-43401

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

Published

2024-08-19T17:15:09.317

Last Modified

2024-08-20T16:09:23.747

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xwiki	xwiki	≤ 15.9	Yes

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7 Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-20331 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21311 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21481 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21482 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21483 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21484 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21485 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21486 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21487 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21488 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21489 Issue Tracking, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-21490 Issue Tracking, Vendor Advisory ([email protected])