Advisories for Maven/Com.xpn.xwiki.platform/Xwiki-Core-Rest-Server package

2023

Cross-Site Request Forgery (CSRF)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/x-www-form-urlencoded as content types, all of which can be sent via regular HTML forms, thus allowing cross-site request forgery. Given interaction by a user with programming rights, this allows remote code execution through script macros and thus impacts the …
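One way a server can refuse the form-submittable requests described above, as an added example that is not XWiki's code or its fix: state-changing requests whose Content-Type an HTML form can produce (or that carry none) are processed only with a per-session token in a custom header, which a cross-site form cannot set. The header name X-CSRF-Token, the function names and the sample requests are assumptions constructed for illustration, and other content types are assumed to be covered by a CORS policy that does not allow arbitrary origins.

```python
import hmac

# Media types an HTML <form> can submit cross-site without a CORS preflight.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
TOKEN_HEADER = "x-csrf-token"  # hypothetical header name, not XWiki's


def media_type(content_type):
    """Return the bare lower-cased media type, or None when the header is absent."""
    if not content_type or not content_type.strip():
        return None
    return content_type.split(";", 1)[0].strip().lower()


def needs_token(method, content_type):
    """True when a cross-site HTML form could have produced this request."""
    if method.upper() in SAFE_METHODS:
        return False
    mt = media_type(content_type)
    # Fail closed: a body-less POST carries no Content-Type at all.
    return mt is None or mt in FORM_TYPES


def allow(method, headers, session_token):
    """Decide whether to process a request; headers is a dict of request headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if not needs_token(method, h.get("content-type")):
        return True
    supplied = h.get(TOKEN_HEADER, "")
    # Constant-time comparison; an empty session token never validates.
    return bool(session_token) and hmac.compare_digest(
        supplied.encode(), session_token.encode())


# Constructed sample requests (not captured traffic).
SESSION_TOKEN = "constructed-token-123"
SAMPLES = [
    ("POST", {"Content-Type": "text/plain; charset=UTF-8"}),
    ("POST", {"Content-Type": "Multipart/Form-Data; boundary=x"}),
    ("POST", {}),
    ("POST", {"Content-Type": "text/plain", "X-CSRF-Token": SESSION_TOKEN}),
    ("PUT", {"Content-Type": "application/xml"}),
    ("GET", {}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        verdict = "allow" if allow(method, headers, SESSION_TOKEN) else "reject"
        print(method, headers, "->", verdict)
```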