Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-86389
HistoryNov 25, 2022 - 12:00 a.m.

XWiki Platform code injection vulnerability

2022-11-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
18
xwiki
code injection
vulnerability
macro
content
menu
groovy
python
velocity
cnvd

0.004 Low

EPSS

Percentile

73.9%

JSON

XWiki Platform is a Wiki platform for creating Web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to code injection. The vulnerability stems from the macro content and menu macro parameters are not properly escaped, an attacker can use the vulnerability to execute arbitrary Groovy, Python or Velocity code.

Related

openvas 1
github 1
cvelist 1
osv 2
nvd 1
cve 1
prion 1
openvas
openvas
XWiki < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.6-rc-1 Eval Injection Vulnerability (GHSA-6w8h-26xx-cf8q)
2022-11-24 00:00:00
github
github
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
2022-11-21 22:37:27
cvelist
cvelist
CVE-2022-41934 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui
2022-11-23 00:00:00
osv
osv
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
2022-11-21 22:37:27
CVE-2022-41934
2022-11-23 20:15:10
nvd
nvd
CVE-2022-41934
2022-11-23 20:15:10
cve
cve
CVE-2022-41934
2022-11-23 20:15:10
prion
prion
Design/Logic Flaw
2022-11-23 20:15:00

0.004 Low

EPSS

Percentile

73.9%

JSON
Related for CNVD-2022-86389
openvas1github1cvelist1osv2nvd1cve1prion1