CVE-2024-37899 | xwiki-platform up to 13.5/14.10.20/15.5.4/15.10.5/16.0.0 User Profile code injection

Inserito da Angelo Barbosa | Giu 21, 2024 | CVE

A vulnerability was found in xwiki-platform up to 13.5/14.10.20/15.5.4/15.10.5/16.0.0 and classified as critical. This issue affects some unknown processing of the component User Profile Handler. The manipulation leads to code injection.

The identification of this vulnerability is CVE-2024-37899. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-37899 | xwiki-platform up to 13.5/14.10.20/15.5.4/15.10.5/16.0.0 User Profile code injection

Post correlati

CVE-2024-41241 | Kashipara Responsive School Management System 3.2.0 /smsa/admin_login.php error cross site scripting

CVE-2023-52383 | Huawei HarmonyOS/EMUI 3.0.0/3.1.0/4.0.0 RSMC Module double free

CVE-2022-23180 | Contact Form & Lead Form Elementor Builder Plugin up to 1.7.3 on WordPress Setting authorization (ID 2670484)

CVE-2024-22207 | fastify-swagger-ui up to 2.0.x insecure default initialization of resource