CNNVD-202601-4284 Information
CNNVD ID
CNNVD-202601-4284
Related CVE
- CNNVD Published: 2026-01-24
Description (Chinese)
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 7.0-milestone-2至16.10.11版本、17.0.0-rc-1至17.4.4版本和17.5.0-rc-1至17.7.0版本存在安全漏洞,该漏洞源于反射型跨站脚本,可能导致攻击者执行任意操作。
Description (English)
XWiki Platform is an open source of XWiki ’ s Wiki platform for creating a Web collaborative application. XWiki Platform 7.0-milestone-2 to 16.10.11, 17.0.0-rc-1 to 17.4.4 and 17.5.0-rc-1 to 17.7.0 have security gaps, which stem from reflective cross-site scripts and may lead to arbitrary operations by the attackers.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
XWiki
Published
2026-01-24
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wvqx-m5px-6cmp https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-16.10.12 https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.8.0-rc-1 https://jira.xwiki.org/browse/XWIKI-23462 https://github.com/xwiki/xwiki-platform/commit/8337ac8c3b19c37f306723b638b2cae8b0a57dbf https://github.com/xwiki/xwiki-platform/releases/tag/xwiki-platform-17.4.5 https://access.redhat.com/security/cve/cve-2026-24128
Patch
https://www.xwiki.org/xwiki/bin/view/Main/WebHome
Share on: