Main Vulnerability Database Vulnerabilities #VU130040

Improper access control in XWiki platform - CVE-2021-32621

Published: May 18, 2021 / Updated: May 5, 2026

Vulnerability identifier: #VU130040

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-32621

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
XWiki platform

Software vendor:
XWiki

Description

The vulnerability allows a remote user to execute script requiring privileges.

The vulnerability exists due to improper access control in gadget titles in the dashboard when editing gadget titles. A remote user can inject crafted script content to execute script requiring privileges.

The issue affects users without Script or Programming right.

Remediation

Install security update from vendor's website.

External links

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc
https://jira.xwiki.org/browse/XWIKI-17794

Improper access control in XWiki platform - CVE-2021-32621

Description

Remediation

External links

Please verify you're human