CVE-2024-41947

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41947
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41947.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41947
Aliases
Published
2024-07-31T15:24:20Z
Modified
2025-10-14T14:33:34Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
XWiki Platform XSS through conflict resolution
Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.

References

Affected packages

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
ce2de707725e69940b2eaba7f87ee3d4a9f31fea
Fixed
4524f78640db8d9d09d8706682663a7bed574741
Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
6f103dbca9c98cf3b53bfadb83d982facb198d56
Fixed
f3f611601edff567b6cb19e0359f51441c335bbb

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
ce2de707725e69940b2eaba7f87ee3d4a9f31fea
Fixed
4524f78640db8d9d09d8706682663a7bed574741
Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
6f103dbca9c98cf3b53bfadb83d982facb198d56
Fixed
f3f611601edff567b6cb19e0359f51441c335bbb