CVE-2023-40572

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Aug 24, 2023
Updated: Sep 1, 2023
CWE ID 352

Summary

CVE-2023-40572 is a vulnerability affecting the XWiki Platform, a generic wiki solution. Hackers can exploit this weakness through a CSRF (Cross-Site Request Forgery) attack on the create action. This attack allows the execution of remote scripts when targeting a user with script or programming rights. The consequences include potential data breaches, unauthorized modifications, and service disruptions. The vulnerability can be identified by a log message `ERROR foo - Script executed!`. XWiki versions 14.10.9 and 15.4RC1 have been updated with a CSRF token requirement for page creation to mitigate this issue.
