XWiki · XWiki Platform · CVE-2026-33229
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 17.4.8 and prior to 17.10.1
Description
The XWiki Platform has an improperly protected scripting API. A user with script rights can bypass the Velocity scripting API sandbox and execute arbitrary Python scripts, potentially gaining full access to the XWiki instance, compromising its confidentiality, integrity, and availability.
Recommendations
Update to XWiki Platform version 17.4.8 or later.
Update to XWiki Platform version 17.10.1 or later.