In XWiki Platform, payloads stored in content are executed when a user with script/programming right edits them
CVE-2024-43401
8 HIGH
What is CVE-2024-43401?
The XWiki Platform vulnerability allows a non-privileged user to exploit a flaw in the WYSIWYG editor. By tricking a user with elevated rights into editing content with a malicious payload, the elevated user inadvertently executes potentially dangerous code without prior warning. This flaw can lead to significant security issues, as it compromises the integrity of the content and the trust users place in the platform. The vulnerability has been addressed and patched in version 15.10RC1.
Affected Version(s)
xwiki-platform < 15.10-rc-1