MEDIUM · 6.5

CVE-2006-7223

Vulnerability Description

PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Xwiki | Xwiki | 0.9.543

Related Weaknesses (CWE)

References

FAQ

What is CVE-2006-7223?

CVE-2006-7223 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming righ...

How severe is CVE-2006-7223?

CVE-2006-7223 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-7223?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.