CVE-2024-41947

MEDIUM EPSS 72.3%
Published Jul 31, 20241y ago · Modified Jun 17, 20261w ago
5.4 CVSS 3.1
Medium
Find Similar
Published Jul 31, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.

CVSS Details

Base Score
5.4
Exploitability
2.3
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
72.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-80

Affected Products 2

VendorProductVersionRange
xwikixwiki*≥11.8  –  <15.10.8
xwikixwiki*≥16.0  –  <16.3.0

References 4

  • github.com https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f
    Patch
  • github.com https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34
    Patch
  • github.com https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x
    Vendor Advisory
  • jira.xwiki.org https://jira.xwiki.org/browse/XWIKI-21626
    Issue TrackingVendor Advisory

Remediation

  • github.com https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f
    Patch
  • github.com https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34
    Patch