XWiki Platform RCE (CVE-2023-37462)
Description
XWiki Platform suffers from an injection flaw in the SkinsCode.XWikiSkinsSheet, allowing attackers with view access to execute arbitrary code including Groovy and Python macros.
Remediation
Upgrade to XWiki versions 14.4.8, 14.10.4, 15.0-rc-1 pr higher to resolve this vulnerability.