CVE-2020-13654

HIGH LAB

XWiki Platform <12.8 - Info Disclosure

Title source: llm

Description

XWiki Platform before 12.8 mishandles escaping in the property displayer.

Exploits (1)

nomisec WORKING POC
by Astaruf · poc
https://github.com/Astaruf/CVE-2020-13654

References (4)

Scores

CVSS v3 7.5
EPSS 0.0010
EPSS Percentile 26.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull xwiki:11.10.5-postgres-tomcat

Details

CWE
CWE-116
Status published
Products (2)
org.xwiki.platform/xwiki-platform-web 0 - 12.8Maven
xwiki/xwiki < 12.8
Published Dec 31, 2020
Tracked Since Feb 18, 2026