CVE-2023-35166 | Privilege escalation (PR) from account through TipsPanel
Exp
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
Conclusion & alert: CVE-2023-35166 is rated High Exploit Risk (91.8/100): CVSS Critical severity, with high exploitation likelihood (EPSS 63.12%, 99th percentile).Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.55% over the last day, indicating growing attacker interest.Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Public exploit references (Exploit-DB) for CVE-2023-35166
Exploit prediction scoring system (EPSS) score for CVE-2023-35166
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).