CVE-2024-43400

5.4MEDIUM

Key Information:

Vendor: Xwiki
Status: Xwiki
Vendor: CVE Published:; 19 August 2024

Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.

References

https://github.com/xwiki/xwiki-platform/security/advisori...

https://github.com/xwiki/xwiki-platform/commit/27eca8423f...

https://jira.xwiki.org/browse/XWIKI-21810

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 19, 2024