CVE-2023-35166

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jun 20, 2023
Updated: Jun 28, 2023
CWE ID 863

Summary

CVE-2023-35166 is a vulnerability affecting the XWiki Platform, a generic wiki solution. An attacker can exploit this issue by creating a malicious tip UI extension, allowing them to execute any wiki content with the privileges of the TipsPanel author. This vulnerability has been addressed in XWiki versions 15.1-rc-1 and 14.10.5.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share