Vulnerability details: VCID-j7hm-1eg7-53e2
Vulnerability ID VCID-j7hm-1eg7-53e2
Aliases CVE-2024-31982
GHSA-2858-8cfx-69m9
Summary XWiki Platform: Remote code execution as guest via DatabaseSearch
XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99935
EPSS Score 0.94255
Published At May 30, 2026, 12:55 p.m.
Date | Actor | Action | Source | VulnerableCode Version
2026-05-30T21:03:49.696699+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.xwiki.platform/xwiki-platform-search-ui/CVE-2024-31982.yml | 38.6.0