CVE-2024-31987

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 10, 2024

Updated: Apr 11, 2024

CWE ID 862

Summary

CVE-2024-31987 is a remote code execution vulnerability affecting the XWiki Platform, a generic wiki solution. This issue, initially discovered in versions 6.4-milestone-1 and below, permits any user with editing privileges to create a custom skin with a template override, which is executed with programming rights. Consequently, an attacker can inject malicious code, resulting in unintended execution. The vulnerability has been mitigated in XWiki versions 14.10.19, 15.5.4, and 15.10-rc-1, and no known workarounds are available other than upgrading the affected software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vT2E53
https://www.cve.org/CVERecord?id=CVE-2024-31987
https://nvd.nist.gov/vuln/detail/CVE-2024-31987

Back to Vulnerability Database

CVE-2024-31987

CVSS 3.1 Score 9.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations