- Description: XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.9
- Impact score: 6
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security-advisories@github.com
- CWE-96
- Hype score: Not currently trending
CVE-2024-55877 Arbitrary Remote Code Execution in XWiki Platform Prior to 16.5.0 XWiki Platform is a general wiki tool. From version 9.7-rc-1 to before 15.10.11, 16.4.1, and 16.5.0, any user with an account could... https://t.co/ioBcIMvjJJ
@VulmonFeeds
13 Dec 2024
[CVE-2024-55877: CRITICAL] Critical security alert: XWiki Platform versions 9.7-rc-1 to 15.10.11, 16.4.1, and 16.5.0 are vulnerable to remote code execution. Update now or apply the provided patch. #cybersecurity, #vulnerability https://t.co/GpJki5dOkZ https://t.co/5tRpVFJUHi
@CveFindCom
12 Dec 2024