216.73.217.98

CVE-2024-43401

· Published 19/08/2024 17:15 · Modified 20/08/2024 16:09

Labels: CVE-2024-43401 2024-08-19CVE-2024-43401CWE-269CWE-862[email protected]

Essential information

Published
19/08/2024 17:15
Modified
20/08/2024 16:09
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xwiki / xwiki cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

References