Description
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545
Exploit, Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://jira.xwiki.org/browse/XWIKI-19523
Scores
CVSS v3
6.5
EPSS
0.0010
EPSS Percentile
26.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (3)
org.xwiki.platform/xwiki-platform-web
1.3-rc-1 - 13.10.11Maven
xwiki/xwiki
1.3 rc1
xwiki/xwiki
1.3 - 13.10.11
Published
Mar 02, 2023
Tracked Since
Feb 18, 2026