June 19, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

CVE-2021-32621

### Impact
A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard.

### Patches
The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.

### Workarounds
There’s no easy workaround for this issue, it is recommended to upgrade XWiki.

### References
https://jira.xwiki.org/browse/XWIKI-17794

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [XWiki security mailing-list](mailto:security@xwiki.org)