{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T18:45:07.250","vulnerabilities":[{"cve":{"id":"CVE-2020-15252","sourceIdentifier":"security-advisories@github.com","published":"2020-10-16T17:15:11.963","lastModified":"2024-11-21T05:05:11.877","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6."},{"lang":"es","value":"En XWiki versiones anteriores a 2.5 y 11.10.6, cualquier usuario con derecho de SCRIPT (EDITA justo antes de XWiki versión 7.4) puede obtener acceso al contexto de Servlet del servidor de aplicaciones que contiene herramientas que permiten crear instancias de objetos Java arbitrarios e invocar métodos que pueden conllevar a una ejecución de código arbitraria.&#xa0;Esto está parcheado en XWiki versión 12.5 y XWiki versión 11.10.6"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionEndExcluding":"11.10.6","matchCriteriaId":"350BC601-A0A0-4F98-A214-501520DB5B68"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.5","matchCriteriaId":"B8AA8373-E93F-4259-AB5A-1A44A5A83966"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5hv6-mh8q-q9v8","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-17141","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-17423","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5hv6-mh8q-q9v8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-17141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-17423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}