CVE-2023-35166

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-35166

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35166.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-35166

Aliases

GHSA-h7cw-44vp-jq7h

Published

2023-06-20T19:29:51.912Z

Modified

2026-04-02T09:06:34.422942Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Privilege escalation (PR) from account through TipsPanel

Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.

Database specific

{
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35166.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type

GIT

Repo

https://github.com/xwiki/xwiki-platform

Events

Introduced

ec1b0343f4948f1475fb67c2ecff87ab7f0526d5

Fixed

0cb75bab7ac0c3ecbd0429e88726435b55970c8e

Database specific

{
    "versions": [
        {
            "introduced": "8.1-milestone-1"
        },
        {
            "fixed": "14.10.5"
        }
    ]
}

Type

GIT

Repo

https://github.com/xwiki/xwiki-platform

Events

Introduced

d823334f762d5ad86bea378b65af0b230668d401

Fixed

216402d67310861edc37d1b31e587781b9d6b0aa

Database specific

{
    "versions": [
        {
            "introduced": "15.0-rc-1"
        },
        {
            "fixed": "15.1-rc-1"
        }
    ]
}

Affected versions

xwiki-platform-10.*

xwiki-platform-10.0

xwiki-platform-10.1

xwiki-platform-10.1-rc-1

xwiki-platform-10.10

xwiki-platform-10.10-rc-1

xwiki-platform-10.11

xwiki-platform-10.11-rc-1

xwiki-platform-10.11.1

xwiki-platform-10.11.10

xwiki-platform-10.11.11

xwiki-platform-10.11.2

xwiki-platform-10.11.3

xwiki-platform-10.11.4

xwiki-platform-10.11.5

xwiki-platform-10.11.6

xwiki-platform-10.11.7

xwiki-platform-10.11.8

xwiki-platform-10.11.9

xwiki-platform-10.2

xwiki-platform-10.3

xwiki-platform-10.4

xwiki-platform-10.4-rc-1

xwiki-platform-10.5

xwiki-platform-10.5-rc-1

xwiki-platform-10.6

xwiki-platform-10.6-rc-1

xwiki-platform-10.6.1

xwiki-platform-10.7

xwiki-platform-10.7-rc-1

xwiki-platform-10.7.1

xwiki-platform-10.8

xwiki-platform-10.8-rc-1

xwiki-platform-10.8.1

xwiki-platform-10.8.2

xwiki-platform-10.8.3

xwiki-platform-10.9

xwiki-platform-11.*

xwiki-platform-11.0

xwiki-platform-11.0.1

xwiki-platform-11.0.2

xwiki-platform-11.0.3

xwiki-platform-11.1

xwiki-platform-11.1-rc-1

xwiki-platform-11.10

xwiki-platform-11.10.1

xwiki-platform-11.10.10

xwiki-platform-11.10.11

xwiki-platform-11.10.12

xwiki-platform-11.10.13

xwiki-platform-11.10.2

xwiki-platform-11.10.3

xwiki-platform-11.10.4

xwiki-platform-11.10.5

xwiki-platform-11.10.6

xwiki-platform-11.10.7

xwiki-platform-11.10.8

xwiki-platform-11.2

xwiki-platform-11.2-rc-1

xwiki-platform-11.3

xwiki-platform-11.3-rc-1

xwiki-platform-11.3.1

xwiki-platform-11.3.2

xwiki-platform-11.3.3

xwiki-platform-11.3.4

xwiki-platform-11.3.5

xwiki-platform-11.3.6

xwiki-platform-11.3.7

xwiki-platform-11.4

xwiki-platform-11.4-rc-1

xwiki-platform-11.5

xwiki-platform-11.5-rc-1

xwiki-platform-11.6

xwiki-platform-11.6-rc-1

xwiki-platform-11.6.1

xwiki-platform-11.7

xwiki-platform-11.7-rc-1

xwiki-platform-11.8

xwiki-platform-11.8-rc-1

xwiki-platform-11.8.1

xwiki-platform-11.9

xwiki-platform-12.*

xwiki-platform-12.0

xwiki-platform-12.0-rc-1

xwiki-platform-12.1

xwiki-platform-12.1-rc-1

xwiki-platform-12.10

xwiki-platform-12.10.1

xwiki-platform-12.10.10

xwiki-platform-12.10.11

xwiki-platform-12.10.2

xwiki-platform-12.10.3

xwiki-platform-12.10.4

xwiki-platform-12.10.5

xwiki-platform-12.10.6

xwiki-platform-12.10.7

xwiki-platform-12.10.8

xwiki-platform-12.10.9

xwiki-platform-12.2

xwiki-platform-12.2.1

xwiki-platform-12.3

xwiki-platform-12.3-rc-1

xwiki-platform-12.4

xwiki-platform-12.4-rc-1

xwiki-platform-12.5

xwiki-platform-12.5-rc-1

xwiki-platform-12.5.1

xwiki-platform-12.6

xwiki-platform-12.6.1

xwiki-platform-12.6.2

xwiki-platform-12.6.3

xwiki-platform-12.6.4

xwiki-platform-12.6.5

xwiki-platform-12.6.6

xwiki-platform-12.6.7

xwiki-platform-12.6.8

xwiki-platform-12.7

xwiki-platform-12.7-rc-1

xwiki-platform-12.7.1

xwiki-platform-12.8

xwiki-platform-12.8-rc-1

xwiki-platform-12.9

xwiki-platform-12.9-rc-1

xwiki-platform-13.*

xwiki-platform-13.0

xwiki-platform-13.1

xwiki-platform-13.1-rc-1

xwiki-platform-13.10

xwiki-platform-13.10-rc-1

xwiki-platform-13.10.1

xwiki-platform-13.10.10

xwiki-platform-13.10.11

xwiki-platform-13.10.2

xwiki-platform-13.10.3

xwiki-platform-13.10.4

xwiki-platform-13.10.5

xwiki-platform-13.10.6

xwiki-platform-13.10.7

xwiki-platform-13.10.8

xwiki-platform-13.10.9

xwiki-platform-13.2

xwiki-platform-13.2-rc-1

xwiki-platform-13.3

xwiki-platform-13.3-rc-1

xwiki-platform-13.4

xwiki-platform-13.4-rc-1

xwiki-platform-13.4.1

xwiki-platform-13.4.2

xwiki-platform-13.4.3

xwiki-platform-13.4.4

xwiki-platform-13.4.5

xwiki-platform-13.4.6

xwiki-platform-13.4.7

xwiki-platform-13.5

xwiki-platform-13.5-rc-1

xwiki-platform-13.6

xwiki-platform-13.6-rc-1

xwiki-platform-13.7

xwiki-platform-13.7-rc-1

xwiki-platform-13.8

xwiki-platform-13.8-rc-1

xwiki-platform-13.9

xwiki-platform-13.9-rc-1

xwiki-platform-14.*

xwiki-platform-14.0

xwiki-platform-14.0-rc-1

xwiki-platform-14.1

xwiki-platform-14.1-rc-1

xwiki-platform-14.10

xwiki-platform-14.10.1

xwiki-platform-14.10.2

xwiki-platform-14.10.3

xwiki-platform-14.10.4

xwiki-platform-14.2

xwiki-platform-14.2-rc-1

xwiki-platform-14.2.1

xwiki-platform-14.3

xwiki-platform-14.3-rc-1

xwiki-platform-14.3.1

xwiki-platform-14.4

xwiki-platform-14.4-rc-1

xwiki-platform-14.4.1

xwiki-platform-14.4.2

xwiki-platform-14.4.3

xwiki-platform-14.4.4

xwiki-platform-14.4.5

xwiki-platform-14.4.6

xwiki-platform-14.4.7

xwiki-platform-14.4.8

xwiki-platform-14.5

xwiki-platform-14.6

xwiki-platform-14.6-rc-1

xwiki-platform-14.7

xwiki-platform-14.7-rc-1

xwiki-platform-14.8

xwiki-platform-14.8-rc-1

xwiki-platform-14.9

xwiki-platform-14.9-rc-1

xwiki-platform-15.*

xwiki-platform-15.0

xwiki-platform-15.0-rc-1

xwiki-platform-15.1

xwiki-platform-15.1-rc-1

xwiki-platform-15.10

xwiki-platform-15.10-rc-1

xwiki-platform-15.10.1

xwiki-platform-15.10.10

xwiki-platform-15.10.11

xwiki-platform-15.10.12

xwiki-platform-15.10.13

xwiki-platform-15.10.14

xwiki-platform-15.10.15

xwiki-platform-15.10.16

xwiki-platform-15.10.2

xwiki-platform-15.10.3

xwiki-platform-15.10.4

xwiki-platform-15.10.5

xwiki-platform-15.10.6

xwiki-platform-15.10.7

xwiki-platform-15.10.8

xwiki-platform-15.10.9

xwiki-platform-15.2

xwiki-platform-15.2-rc-1

xwiki-platform-15.3

xwiki-platform-15.3-rc-1

xwiki-platform-15.4

xwiki-platform-15.4-rc-1

xwiki-platform-15.5

xwiki-platform-15.5-rc-1

xwiki-platform-15.5.1

xwiki-platform-15.5.2

xwiki-platform-15.5.3

xwiki-platform-15.5.4

xwiki-platform-15.5.5

xwiki-platform-15.6

xwiki-platform-15.6-rc-1

xwiki-platform-15.7

xwiki-platform-15.7-rc-1

xwiki-platform-15.8

xwiki-platform-15.8-rc-1

xwiki-platform-15.9

xwiki-platform-15.9-rc-1

xwiki-platform-16.*

xwiki-platform-16.0.0

xwiki-platform-16.0.0-rc-1

xwiki-platform-16.1.0

xwiki-platform-16.1.0-rc-1

xwiki-platform-16.10.0

xwiki-platform-16.10.0-rc-1

xwiki-platform-16.10.1

xwiki-platform-16.10.10

xwiki-platform-16.10.11

xwiki-platform-16.10.12

xwiki-platform-16.10.13

xwiki-platform-16.10.14

xwiki-platform-16.10.15

xwiki-platform-16.10.16

xwiki-platform-16.10.2

xwiki-platform-16.10.3

xwiki-platform-16.10.4

xwiki-platform-16.10.5

xwiki-platform-16.10.6

xwiki-platform-16.10.7

xwiki-platform-16.10.8

xwiki-platform-16.10.9

xwiki-platform-16.2.0

xwiki-platform-16.2.0-rc-1

xwiki-platform-16.3.0

xwiki-platform-16.3.0-rc-1

xwiki-platform-16.3.1

xwiki-platform-16.4.0

xwiki-platform-16.4.0-rc-1

xwiki-platform-16.4.1

xwiki-platform-16.4.2

xwiki-platform-16.4.3

xwiki-platform-16.4.4

xwiki-platform-16.4.5

xwiki-platform-16.4.6

xwiki-platform-16.4.7

xwiki-platform-16.4.8

xwiki-platform-16.5.0

xwiki-platform-16.5.0-rc-1

xwiki-platform-16.6.0

xwiki-platform-16.6.0-rc-1

xwiki-platform-16.7.0

xwiki-platform-16.7.1

xwiki-platform-16.8.0

xwiki-platform-16.8.0-rc-1

xwiki-platform-16.9.0

xwiki-platform-16.9.0-rc-1

xwiki-platform-17.*

xwiki-platform-17.0.0

xwiki-platform-17.0.0-rc-1

xwiki-platform-17.1.0

xwiki-platform-17.1.0-rc-1

xwiki-platform-17.10.0

xwiki-platform-17.10.0-rc-1

xwiki-platform-17.10.1

xwiki-platform-17.10.2

xwiki-platform-17.10.3

xwiki-platform-17.10.4

xwiki-platform-17.10.5

xwiki-platform-17.2.0

xwiki-platform-17.2.0-rc-1

xwiki-platform-17.2.1

xwiki-platform-17.2.2

xwiki-platform-17.3.0

xwiki-platform-17.3.0-rc-1

xwiki-platform-17.4.0

xwiki-platform-17.4.0-rc-1

xwiki-platform-17.4.1

xwiki-platform-17.4.10

xwiki-platform-17.4.2

xwiki-platform-17.4.3

xwiki-platform-17.4.4

xwiki-platform-17.4.5

xwiki-platform-17.4.6

xwiki-platform-17.4.7

xwiki-platform-17.4.8

xwiki-platform-17.4.9

xwiki-platform-17.5.0

xwiki-platform-17.6.0

xwiki-platform-17.6.0-rc-1

xwiki-platform-17.7.0

xwiki-platform-17.7.0-rc-1

xwiki-platform-17.8.0

xwiki-platform-17.8.0-rc-1

xwiki-platform-17.9.0

xwiki-platform-17.9.0-rc-1

xwiki-platform-18.*

xwiki-platform-18.0.0

xwiki-platform-18.0.0-rc-1

xwiki-platform-18.0.1

xwiki-platform-18.1.0

xwiki-platform-18.1.0-rc-1

xwiki-platform-18.2.0

xwiki-platform-18.2.0-rc-1

xwiki-platform-8.*

xwiki-platform-8.1

xwiki-platform-8.1-milestone-1

xwiki-platform-8.1-milestone-2

xwiki-platform-8.1-rc-1

xwiki-platform-8.2

xwiki-platform-8.2-milestone-1

xwiki-platform-8.2-milestone-2

xwiki-platform-8.2-rc-1

xwiki-platform-8.2.1

xwiki-platform-8.2.2

xwiki-platform-8.3

xwiki-platform-8.3-milestone-1

xwiki-platform-8.3-milestone-2

xwiki-platform-8.3-rc-1

xwiki-platform-8.4

xwiki-platform-8.4-rc-1

xwiki-platform-8.4.1

xwiki-platform-8.4.2

xwiki-platform-8.4.3

xwiki-platform-8.4.4

xwiki-platform-8.4.5

xwiki-platform-8.4.6

xwiki-platform-9.*

xwiki-platform-9.0

xwiki-platform-9.0-rc-1

xwiki-platform-9.1

xwiki-platform-9.1-rc-1

xwiki-platform-9.1.1

xwiki-platform-9.1.2

xwiki-platform-9.10

xwiki-platform-9.10-rc-1

xwiki-platform-9.10.1

xwiki-platform-9.11

xwiki-platform-9.11-rc-1

xwiki-platform-9.11.1

xwiki-platform-9.11.2

xwiki-platform-9.11.3

xwiki-platform-9.11.4

xwiki-platform-9.11.5

xwiki-platform-9.11.6

xwiki-platform-9.11.7

xwiki-platform-9.11.8

xwiki-platform-9.11.9

xwiki-platform-9.2

xwiki-platform-9.2-rc-1

xwiki-platform-9.3

xwiki-platform-9.3-rc-1

xwiki-platform-9.3.1

xwiki-platform-9.4

xwiki-platform-9.4-rc-1

xwiki-platform-9.5

xwiki-platform-9.5-rc-1

xwiki-platform-9.5.1

xwiki-platform-9.6

xwiki-platform-9.6-rc-1

xwiki-platform-9.7

xwiki-platform-9.7-rc-1

xwiki-platform-9.8

xwiki-platform-9.8-rc-1

xwiki-platform-9.8.1

xwiki-platform-9.9

xwiki-platform-9.9-rc-2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35166.json"