WRITEUP
Exploit for CVE-2023-36468 - XWiki Platform - Info Disclosure
AI Analysis

This patch introduces a 'restricted' attribute to XWikiDocument to mitigate script execution in old revisions and deleted documents, preventing potential RCE by denying script rights and restricting transformations when the document is marked as restricted.

Attack Type: RCE
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1221 - Template Injection
Authors: Michael Hamann
Vulnerability: CVE-2023-36468 - XWiki Platform - Info Disclosure (CRITICAL, CVSS 9.9)