Vulnerability Details CVE-2006-7223
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.6%
CVSS Severity
CVSS v2 Score 6.5
Products affected by CVE-2006-7223
-
cpe:2.3:a:xwiki:xwiki:0.9.1252
-
cpe:2.3:a:xwiki:xwiki:0.9.543
-
cpe:2.3:a:xwiki:xwiki:0.9.790
-
cpe:2.3:a:xwiki:xwiki:0.9.793
-
cpe:2.3:a:xwiki:xwiki:0.9.840