CVE-2023-35150

HIGH Year: 2023
CVSS v3 Score
8.0
High
Weakness Type
CWE-95
View all →

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.

Related Vulnerabilities

CVE-2023-6735

HIGH
CVSS:7.8(High)

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CWE-952023

CVE-2023-7101

HIGH
CVSS:7.8(High)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated ...

CWE-952023

CVE-2023-7224

HIGH
CVSS:7.8(High)

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CWE-952023

CVE-2023-7245

HIGH
CVSS:7.8(High)

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via...

CWE-952023

CVE-2024-27320

HIGH
CVSS:7.8(High)

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user cre...

CWE-952024

CVE-2024-27321

HIGH
CVSS:7.8(High)

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user...

CWE-952024