CVE-2023-50722

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 15, 2023
Updated: Dec 19, 2023
CWE ID 352
CWE ID 79

Summary

CVE-2023-50722 is a vulnerability in the XWiki Platform, affecting versions prior to 14.10.15, 15.5.2, and 15.7-rc-1. The vulnerability allows for reflected cross-site scripting (XSS) or direct remote code execution in the code used to display configurable admin sections. An attacker can exploit this vulnerability without needing an account or any access to the wiki by tricking an admin user into visiting a crafted URL. This could lead to full remote code execution and impact the confidentiality, integrity, and availability of the entire XWiki installation. The issue has been fixed in versions 14.10.15, 15.5.2, and 15.7RC1, with a manual patch available for the XWiki.ConfigurableClass document.

Affected Products: XWiki Platform versions prior to 14.10.15, 15.5.2, and 15.7-rc-1. Remediation: Upgrade to XWiki versions 14.10.15, 15.5.2, or apply the manual patch for XWiki.ConfigurableClass. Potential Danger: The vulnerability allows for full remote code execution and can impact confidentiality, integrity, and availability of the entire XWiki installation.

Source: nvd@nist.gov

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50722 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options