XWiki · XWiki Platform · CVE-2024-55879
**Name of the Vulnerable Software and Affected Versions**
XWiki Platform versions 2.3 through 15.10.8
XWiki Platform versions 16.3.0 before the patch
**Description**
The issue allows any user with script rights to perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page, compromising the confidentiality, integrity, and availability of the whole XWiki installation.
**Recommendations**
For XWiki Platform versions 2.3 through 15.10.8, upgrade to version 15.10.9.
For XWiki Platform versions 16.3.0 before the patch, upgrade to version 16.3.0 with the patch applied.
As a temporary workaround, consider restricting access to `XWiki.ConfigurableClass` to minimize the risk of exploitation.
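
Because the issue depends on `XWiki.ConfigurableClass` objects being attached to pages, an inventory of those objects is a useful check before and after upgrading. The following is an added example, not part of the original advisory or XWiki's own code: it scans exported page XML for such objects and marks the ones whose page author is outside an administrator allowlist. The XAR-style element names (`object`, `className`, `number`, `author`), the sample pages and the `TRUSTED_AUTHORS` set are assumptions.

```python
import xml.etree.ElementTree as ET

TARGET_CLASS = "XWiki.ConfigurableClass"
# Assumption: accounts an administrator expects to author configuration pages.
TRUSTED_AUTHORS = {"xwiki:XWiki.Admin"}

# Constructed sample exports (assumed XAR-style page XML), not real wiki data.
SAMPLE_PAGES = [
    """<xwikidoc reference="Sandbox.Notes"><web>Sandbox</web><name>Notes</name>
    <author>xwiki:XWiki.alice</author>
    <object><number>0</number><className>XWiki.ConfigurableClass</className></object>
    </xwikidoc>""",
    """<xwikidoc><web>XWiki</web><name>MailConfig</name>
    <author>xwiki:XWiki.Admin</author>
    <object><number>0</number><className>XWiki.ConfigurableClass</className></object>
    </xwikidoc>""",
    """<xwikidoc reference="Main.WebHome"><web>Main</web><name>WebHome</name>
    <author>xwiki:XWiki.bob</author>
    <object><number>0</number><className>XWiki.TagClass</className></object>
    </xwikidoc>""",
]


def audit_page(xml_text, trusted_authors=TRUSTED_AUTHORS):
    """Return (page, author, object_number, needs_review) per ConfigurableClass object."""
    # Parse only exports taken from your own wiki; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    page = root.get("reference") or "{}.{}".format(
        root.findtext("web", default="?"), root.findtext("name", default="?"))
    author = (root.findtext("author") or "").strip()
    findings = []
    for obj in root.findall("object"):
        if (obj.findtext("className") or "").strip() == TARGET_CLASS:
            number = int(obj.findtext("number", default="0"))
            findings.append((page, author, number, author not in trusted_authors))
    return findings


def audit_pages(pages, trusted_authors=TRUSTED_AUTHORS):
    """Audit many exported pages and list objects needing review first."""
    results = [f for xml_text in pages for f in audit_page(xml_text, trusted_authors)]
    return sorted(results, key=lambda f: (not f[3], f[0]))


if __name__ == "__main__":
    for page, author, number, review in audit_pages(SAMPLE_PAGES):
        print(f"{'REVIEW' if review else 'ok':6} {page} object #{number} author={author}")
```

An object flagged for review is not proof of compromise; it identifies pages where an administrator should confirm who added the object and why.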