XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-02T18:17:09.152Z

Updated: 2024-08-02T11:53:52.768Z

Reserved: 2023-02-23T23:22:58.573Z

Link: CVE-2023-26473

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-02T19:15:11.313

Modified: 2024-11-21T07:51:34.917

Link: CVE-2023-26473

cve-icon Redhat

No data.