How severe is CVE-2024-55877?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-55877?

This is classified as CWE-96, which is a common weakness in software security.

CVE-2024-55877 - HIGH Severity | CVSS 8.8

Vulnerability Description

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround.

Related Vulnerabilities

CVE-2015-2079

HIGH

CVSS:8.8(High)

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

CWE-962015

CVE-2022-43938

HIGH

CVSS:8.8(High)

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prp...

CWE-962022

CVE-2024-55662

HIGH

CVSS:8.8(High)

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user ca...

CWE-962024

CVE-2024-32487

HIGH

CVSS:8.6(High)

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled fi...

CWE-962024

CVE-2023-39726

CRITICAL

CVSS:9.8(Critical)

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CWE-962023

CVE-2024-13264

CRITICAL

CVSS:9.8(Critical)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0....

CWE-962024