How severe is CVE-2023-29523?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-29523?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2023-29523 - HIGH Severity | CVSS 8.8

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.

Related Vulnerabilities

CVE-2012-1496

HIGH

CVSS:8.8(High)

Local file inclusion in WebCalendar before 1.2.5.

CWE-742012

CVE-2013-3628

HIGH

CVSS:8.8(High)

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

CWE-742013

CVE-2014-5083

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 p...

CWE-742014

CVE-2014-5084

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instan...

CWE-742014

CVE-2014-5085

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 perta...

CWE-742014

CVE-2014-5086

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CV...

CWE-742014