CVE-2021-32621

Posted on by admin

CVE-2021-32621

### Impact
A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard.

### Patches
The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.

### Workarounds
There’s no easy workaround for this issue, it is recommended to upgrade XWiki.

### References
https://jira.xwiki.org/browse/XWIKI-17794

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [XWiki security mailing-list](mailto:[email protected])

Source: CVE-2021-32621

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다