Xwiki · Xwiki Platform · CVE-2022-23615
**Name of the Vulnerable Software and Affected Versions**
XWiki Platform versions prior to 13.0
**Description**
The issue affects XWiki Platform, a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with SCRIPT right can save a document with the right of the current user, allowing access to API requiring programming right if the current user has programming right.
**Recommendations**
For versions prior to 13.0, update to XWiki 13.0 to resolve the issue.
As a temporary workaround, consider limiting SCRIPT access to trusted users only.