XWiki.CKEditor.HTMLConverter.CSRF
Description
This indicates an attack attempt to exploit a Cross-Site Request Forgery vulnerability in XWiki CKEditor.
The vulnerability is due to the lack of a protection mechanism against CSRF attempts in the application. An attacker can exploit this by tricking an unsuspecting user with privileges into executing arbitrary code.
Affected Products
XWiki CKEditor prior to 1.64.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to version 7.12.9 or higher.
https://github.com/xwiki-attic/application-ckeditor/
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-04-18 | 27.771 | |