CVE-2023-38509
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 7, 2023
Updated: Mar 18, 2024
CWE ID 402
Summary
CVE-2023-38509 affects the XWiki Platform, a generic wiki solution. Prior to XWiki versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not properly implemented in the xwiki-platform-livetable-ui module, allowing obfuscated emails to bypass this security feature. This vulnerability has been addressed in XWiki versions 14.10.9 and 15.3-rc-1. As a temporary solution, users can modify the `XWiki.LiveTableResultsMacros` page according to the patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Xwiki
Affected Vendors
- xwiki