CVE-2007-4888

Name of the Vulnerable Software and Affected Versions: XWiki versions 1.0 B1 through 1.0 B2

Description: The issue allows remote authenticated users to read arbitrary documents due to the doc variable being associated with the entire document content and metadata, regardless of a user's view rights. This can be exploited via a custom skin that prints the content attribute of the doc variable.

Recommendations: For XWiki versions 1.0 B1 and 1.0 B2, consider restricting access to the doc variable or implementing custom view rights to prevent unauthorized access to documents. As a temporary workaround, avoid using custom skins that print the content attribute of the doc variable until a proper fix is available.