Xwiki · Xwiki Platform · CVE-2021-32621
**Name of the Vulnerable Software and Affected Versions**
XWiki Platform versions prior to 12.6.7
XWiki Platform versions prior to 12.10.3
**Description**
A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard.
**Recommendations**
For versions prior to 12.6.7, upgrade to XWiki 12.6.7 or later.
For versions prior to 12.10.3, upgrade to XWiki 12.10.3 or later.
As a temporary workaround, consider restricting access to the dashboard gadget titles until a patch is applied.