Vulnerability Database
296,772
Total vulnerabilities in the database
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message ERROR foo - Script executed! appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.
| Software | From | Fixed in |
|---|---|---|
org.xwiki.platform / xwiki-platform-oldcore
|
3.2-milestone-3 | 14.10.9 |
|
org.xwiki.platform / xwiki-platform-oldcore
|
15.0-rc-1 | 15.4-rc-1 |
| xwiki / xwiki | 15.0-rc1 | 15.0-rc1.x |
| xwiki / xwiki | 15.0 | 15.0.x |
| xwiki / xwiki | 15.1 | 15.1.x |
| xwiki / xwiki | 15.1-rc1 | 15.1-rc1.x |
| xwiki / xwiki | - | 14.10.9 |
| xwiki / xwiki | 15.2 | 15.2.x |
| xwiki / xwiki | 15.2-rc1 | 15.2-rc1.x |
| xwiki / xwiki | 15.3 | 15.3.x |
| xwiki / xwiki | 15.3-rc1 | 15.3-rc1.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime