CVE-2020-11057

Published May 12th, 2020

View on NVD ↗

CVSS v3

9.9

CRITICAL

CVSS v2

HIGH

Affected

PROJECT

Description

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0.

xwiki/xwiki-platform

The XWiki platform

GitHub

1.26K