CVE-2022-24821

HIGH Year: 2022
CVSS v3 Score
8.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-648
View all →

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.

Related Vulnerabilities

CVE-2022-4687

HIGH
CVSS:8.1(High)

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.

CWE-6482022

CVE-2022-4796

HIGH
CVSS:8.1(High)

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

CWE-6482022

CVE-2020-5291

HIGH
CVSS:7.8(High)

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep...

CWE-6482020

CVE-2024-22042

HIGH
CVSS:7.8(High)

A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (c...

CWE-6482024

CVE-2025-23375

HIGH
CVSS:7.8(High)

Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vul...

CWE-6482025

CVE-2023-4993

HIGH
CVSS:7.5(High)

Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.

CWE-6482023