WRITEUP

WRITEUP

Exploit for CVE-2023-37912 - Xwiki-rendering < 14.10.6 - Remote Code Execution

AI Analysis

This patch addresses CVE-2023-37912 by improving footnote rendering in XWiki. It modifies the parsing and execution of footnote content, introduces unique ID generation, and enhances test coverage for nested footnotes.

Attack Type

other

Complexity

moderate

Reliability

reliable

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e

Authors

Michael Hamann

Vulnerability

CVE-2023-37912

Xwiki-rendering < 14.10.6 - Remote Code Execution

CRITICAL

CVSS 9.9