CVE-2026-33229 | xwiki xwiki-platform up to 17.4.7/17.10.0 Velocity Scripting API authorization

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability was found in xwiki xwiki-platform, xwiki-platform-legacy-oldcore and xwiki-platform-oldcore up to 17.4.7/17.10.0. It has been declared as problematic. The impacted element is an unknown function of the component Velocity Scripting API. Such manipulation leads to missing authorization.

This vulnerability is traded as CVE-2026-33229. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2026-33229 | xwiki xwiki-platform up to 17.4.7/17.10.0 Velocity Scripting API authorization

Post correlati

CVE-2024-5661 | Citrix Hypervisor 8.2 CU1 LTSR improper control of interaction frequency (CTX677100)

CVE-2024-24307 | Product Designer Module prior 1.178.36 on PrestaShop ajaxProcessCropImage path traversal

CVE-2024-51225 | PHPGurukul Vehicle Record Management System 1.0 /admin/add-brand.php brandname cross site scripting

CVE-2023-50094 | reNgine up to 2.0.2 api/tools/waf_detector/ url os command injection