CVE-2024-43401

In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

INFO

Published Date :

2024-08-19T16:24:29.698Z

Last Modified :

2024-08-21T14:23:29.403Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-43401 vulnerability.

Vendors	Products
Xwiki	Xwiki Xwiki-platform

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43401.

URL	Resource
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7
https://jira.xwiki.org/browse/XWIKI-20331
https://jira.xwiki.org/browse/XWIKI-21311
https://jira.xwiki.org/browse/XWIKI-21481
https://jira.xwiki.org/browse/XWIKI-21482
https://jira.xwiki.org/browse/XWIKI-21483
https://jira.xwiki.org/browse/XWIKI-21484
https://jira.xwiki.org/browse/XWIKI-21485
https://jira.xwiki.org/browse/XWIKI-21486
https://jira.xwiki.org/browse/XWIKI-21487
https://jira.xwiki.org/browse/XWIKI-21488
https://jira.xwiki.org/browse/XWIKI-21489
https://jira.xwiki.org/browse/XWIKI-21490

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact