CVE-2021-29459

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29459

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29459.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29459

Aliases

GHSA-5c66-v29h-xjh8

Published

2021-04-20T19:15:09Z

Modified

2024-09-02T22:12:04Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading XWiki. The vulnerability has been patched on XWiki 12.8 and 12.6.3.

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

efca524187dbf4339e6a83ebf115b7160f84e3d4

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e4053a8b2f2182ddca099099e35b1d30098eaf25