PT-2007-1499 · Xwiki · Xwiki

Published 2007-09-14 · Updated 2022-05-01 · CVE-2006-7223

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

XWiki versions 0.9.543 through 0.9.1252

Description

The issue allows remote authenticated users without programming rights to execute arbitrary code. This is achieved by selecting a document whose author has programming rights, modifying the document to contain a script, and then previewing the document without saving it.

Recommendations

For XWiki versions 0.9.543 through 0.9.1252, consider restricting access to the PreviewAction feature until a proper fix is applied, ensuring that only authorized users can preview documents, especially those with programming rights. Additionally, limit the ability to modify documents to only those users who have been explicitly granted programming rights.

Fix


Weakness Enumeration

Related Identifiers

CVE-2006-7223
GHSA-H5JM-JJGX-Q2WF

Affected Products

Xwiki