CVE-2024-31983
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2024-31983 is a vulnerability impacting the XWiki Platform, a popular wiki solution. In multilingual wikis, it allows any user with edit rights to bypass the necessary authorization for editing translations, potentially leading to remote code execution in versions prior to 14.10.20, 15.5.4, and 15.10-rc-1. This vulnerability can be exploited by manipulating translation values, which are not properly escaped. The issue has been resolved in XWiki versions 14.10.20, 15.5.4, and 15.10-rc-1. As a temporary measure, administrators can restrict edit rights on documents containing translations.
Affected Products
- Xwiki
Affected Vendors
- xwiki