Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
XWiki Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2020-11057 - Vulnerability Database
XWikiplatform

XWiki Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2020-11057

High
Reference: CVE-2020-11057
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11057
Title: XWiki Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

In XWiki Platform 7.2 through 11.10.2 registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 11.10.3 and 12.0.