AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

OR
          *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 16.5.0 up to (excluding) 16.10.4
          *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 17.0.0 up to (excluding) 17.1.0
          *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 7.4.5 up to (excluding) 16.4.7

GitHub, Inc.: https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec Types: Patch

GitHub, Inc.: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6 Types: Vendor Advisory

GitHub, Inc.: https://jira.xwiki.org/browse/XWIKI-22836 Types: Exploit, Issue Tracking, Vendor Advisory

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.

AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-266

https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6

https://jira.xwiki.org/browse/XWIKI-22836