XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.xwiki.platform:xwiki-platform-oldcore(Maven) | 7.2-milestone-2 | 16.4.7 | N/A |
| org.xwiki.platform:xwiki-platform-oldcore(Maven) | 16.5.0-rc-1 | 16.10.3 | N/A |
| org.xwiki.platform:xwiki-platform-oldcore(Maven) | 17.0.0-rc-1 | 17.0.0 | N/A |
CVSS Metrics
