SB20240819171 - Improper privilege management in XWiki




Published: August 19, 2024
Updated: April 24, 2026

Security Bulletin ID: SB20240819171
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper privilege management (CVE-ID: CVE-2024-43401)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper privilege management in WYSIWYG editors when editing content containing a malicious payload. A remote user can trick a user who has script or programming rights into editing crafted content, which results in arbitrary code execution.

User interaction is required, and the payload is executed at edit time.


Remediation

Install the update from the vendor's website.