CVE-2024-21650 | XWiki xwiki-platform up to 14.10.16/15.5.2/15.7 User Registration first name/last name neutralization of directives

A vulnerability classified as critical has been found in XWiki xwiki-platform up to 14.10.16/15.5.2/15.7. Affected is an unknown function of the component User Registration Handler. The manipulation of the argument first name/last name leads to improper neutralization of directives in dynamically evaluated code (‘eval injection’).

This vulnerability is traded as CVE-2024-21650. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-21650 | XWiki xwiki-platform up to 14.10.16/15.5.2/15.7 User Registration first name/last name neutralization of directives

Related Posts

CVE-2021-47498 | Linux Kernel up to 5.14.13 unquiesce nr_requests denial of service (8ca9745efe35/b4459b11e840)

CVE-2024-3362 | SourceCodester Online Library System 1.0 controller.php IBSN sql injection

CVE-2021-46900 | Sympa up to 6.2.61 cookie protection mechanism (Issue 1091)

CVE-2023-39196 | Apache Ozone up to 1.3.0 Storage Container Manager Service improper authentication