CVE-2023-50722

Summary

CVE-2023-50722 is a vulnerability in the XWiki Platform, affecting versions prior to 14.10.15, 15.5.2, and 15.7-rc-1. The vulnerability allows for reflected cross-site scripting (XSS) or direct remote code execution in the code used to display configurable admin sections. An attacker can exploit this vulnerability without needing an account or any access to the wiki by tricking an admin user into visiting a crafted URL. This could lead to full remote code execution and impact the confidentiality, integrity, and availability of the entire XWiki installation. The issue has been fixed in versions 14.10.15, 15.5.2, and 15.7RC1, with a manual patch available for the `XWiki.ConfigurableClass` document. Affected Products: XWiki Platform versions prior to 14.10.15, 15.5.2, and 15.7-rc-1. Remediation: Upgrade to XWiki versions 14.10.15, 15.5.2, or apply the manual patch for `XWiki.ConfigurableClass`. Potential Danger: The vulnerability allows for full remote code execution and can impact confidentiality, integrity, and availability of the entire XWiki installation. Source: [email protected]

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.