CVE-2021-32621

CVE-2021-32621

### Impact
A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard.

### Patches
The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.

### Workarounds
There’s no easy workaround for this issue, it is recommended to upgrade XWiki.

### References
https://jira.xwiki.org/browse/XWIKI-17794

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [XWiki security mailing-list](mailto:[email protected])

Source: CVE-2021-32621

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.