XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right (EDIT right before XWiki 7.4) can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. It has been patched in XWiki 13.0. The only workaround is to give SCRIPT right only to trusted users.

Affected Packages

Maven org.xwiki.platform:xwiki-platform-oldcore

Affected versions: 1.0 (fixed in 13.0)

Related CVEs

CVE-2022-23615

Key Information

GHSA ID

GHSA-f4cj-3q3h-884r

Published

February 9, 2022 9:21 PM

Last Modified

May 5, 2022 6:01 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.xwiki.platform:xwiki-platform-oldcore

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 23, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.