Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-2110

Groovy contained in comments is executed if page editor has programming rights

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.5 M2
    • 1.2.2
    • {Unused} Core
    • None

    Description

      If a page has been saved with programming rights, any user can execute groovy code, by adding a comment containing groovy code on the page.

      Attachments

        Activity

          People

            calebjamesdelisle CalebJamesDeLisle
            raffaello Raffaello Pelagalli
            Votes:
            2 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: