PT-2020-12518 · XWiki · XWiki Platform

Published: 2020-05-12 · Updated: 2021-11-04 · CVE-2020-11057

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 7.2 through 11.10.2

Description: The issue allows registered users without scripting or programming permissions to execute Python or Groovy scripts while editing personal dashboards.

Recommendations: For versions 7.2 through 11.10.2, update to version 11.3.7, 11.10.3, or 12.0 to resolve the issue.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2020-11057
GHSA-RMP6-JJG8-9424

Affected Products

XWiki Platform