CVE-2023-40572
CVSS 3.1 Score 8.0 of 10 (high)
Details
Summary
CVE-2023-40572 is a vulnerability in XWiki Platform, a generic wiki solution. The create action is vulnerable to CSRF (Cross-Site Request Forgery), which lets an attacker execute scripts remotely when the targeted user has script or programming rights. The consequences include potential data breaches, unauthorized modifications, and service disruptions. The vulnerability can be identified by the log message `ERROR foo - Script executed!`. The issue is fixed in XWiki 14.10.9 and 15.4RC1, which require a CSRF token for page creation.
Affected Products
- Xwiki
Affected Vendors
- xwiki