CVE-2006-7223

 

Severity Score

6.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Authentication: Single
Confidentiality: Partial
Integrity: Partial
Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-13 CVE Reserved
  • 2007-09-14 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
URL Tag Source
http://jira.xwiki.org/jira/browse/XWIKI-366 X_refsource_confirm
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Xwiki Xwiki 0.9.543 - Affected
Xwiki Xwiki 0.9.790 - Affected
Xwiki Xwiki 0.9.793 - Affected
Xwiki Xwiki 0.9.840 - Affected
Xwiki Xwiki 0.9.1252 - Affected