Home > Vulnerability Database > CVE-2024-41947

Mend.io Vulnerability Database

CVE-2024-41947

Good to know:

Date: July 31, 2024

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.

Language: Java

Severity Score

9.0

Related Resources (7)

Url: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x

Url: https://github.com/xwiki/xwiki-platform

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41947

Url: https://jira.xwiki.org/browse/XWIKI-21626

Url: https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f

Url: https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34

Url: https://www.mend.io/vulnerability-database/CVE-2024-41947

Severity Score

9.0

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

Top Fix

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-web-templates:15.10.8,16.3.0

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41947

Good to know:

Date: July 31, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?