CVE-2006-7223
Published: Sep 14, 2007
Modified: Sep 16, 2024
PUBLISHED
Description
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://jira.xwiki.org/jira/browse/XWIKI-366
x_refsource_CONFIRM