Paketo Buildpacks Bionic End Of Support
The Spring Boot plugins for Maven and Gradle provide the ability to build Docker images using Cloud Native Buildpacks. By default, Spring Boot uses the CNB builders provided by the Paketo Buildpacks project. What's Changed The Paketo Buildpacks project has announced that Ubuntu 18.04 Bionic-based.....
6.6AI Score
XWiki is prone to a privilege escalation...
9.9CVSS
7.3AI Score
0.005EPSS
XWiki < 14.10.9, 15.0-rc-1 < 15.4-rc-1 Improper Access Control Vulnerability (GHSA-8xhr-x3v8-rghj)
XWiki is prone to an improper access control...
9CVSS
7AI Score
0.003EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document....
8.8CVSS
9.4AI Score
0.003EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document....
9CVSS
8.9AI Score
0.003EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document....
9CVSS
8AI Score
0.003EPSS
Cross-site request forgery (CSRF)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document....
8.8CVSS
8.9AI Score
0.003EPSS
CVE-2023-40573 XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document....
9CVSS
9.6AI Score
0.003EPSS
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Impact XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this.....
9CVSS
7.2AI Score
0.003EPSS
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Impact XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this.....
9CVSS
7.7AI Score
0.003EPSS
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Impact Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: Open the invitation...
9.9CVSS
8.1AI Score
0.005EPSS
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Impact Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: Open the invitation...
9.9CVSS
8.1AI Score
0.005EPSS
XWiki is prone to a code injection...
9.9CVSS
9AI Score
0.002EPSS
XWiki is prone to a code injection...
9.9CVSS
9AI Score
0.004EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to.....
9.9CVSS
9AI Score
0.005EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to.....
8.8CVSS
9.8AI Score
0.005EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to.....
9.9CVSS
8.3AI Score
0.005EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to.....
8.8CVSS
9AI Score
0.005EPSS
CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to.....
9.9CVSS
10AI Score
0.005EPSS
XWiki is prone to a privilege escalation...
9.9CVSS
9AI Score
0.002EPSS
XWiki is prone to a privilege escalation...
9.9CVSS
9AI Score
0.002EPSS
XWiki is prone to a code injection...
8.8CVSS
9AI Score
0.002EPSS
XWiki 7.0-rc-1 < 14.4.8, 14.5 < 14.10.3 Code Injection Vulnerability (GHSA-mjw9-3f9f-jq2w)
XWiki is prone to a code injection...
9.9CVSS
9AI Score
0.004EPSS
XWiki is prone to a code injection...
9.9CVSS
9AI Score
0.006EPSS
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
9.9CVSS
9.7AI Score
0.523EPSS
XWiki 7.0-rc-1 < 14.4.8, 14.5 < 14.10.4 Code Injection Vulnerability (GHSA-h4vp-69r8-gvjg)
XWiki is prone to a code injection...
9.9CVSS
7.4AI Score
0.523EPSS
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Impact Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code...
9.9CVSS
8AI Score
0.523EPSS
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability
Impact Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to a possible privilege escalation from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code...
9.9CVSS
8.4AI Score
0.523EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
8.8CVSS
0.523EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
9.9CVSS
9.1AI Score
0.523EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
9.9CVSS
8.8AI Score
0.523EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
8.8CVSS
9.2AI Score
0.523EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...
9.9CVSS
10AI Score
0.523EPSS
XWiki 7.4.4 < 14.10.3 Code Injection Vulnerability (GHSA-jgrg-qvpp-9vwr)
XWiki is prone to a code injection...
9.9CVSS
9AI Score
0.001EPSS
Summary: APM JBoss and APM WebLogic Agents are vulnerable to Apache Groovy (groovy-all-2.3.11.jar) [CVE-2020-17521, CVE-2016-6814, CVE-2015-3253]. The fix includes groovy-all-2.3.11.jar upgraded to groovy-all-2.5.21.jar. Vulnerability Details: CVEID: CVE-2020-17521 DESCRIPTION: Apache Groovy...
5.5CVSS
7.6AI Score
0.037EPSS
XWiki Platform vulnerable to Code injection through NotificationRSSService
Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: ....
9.9CVSS
8AI Score
0.009EPSS
XWiki Platform vulnerable to Code injection through NotificationRSSService
Impact Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: ....
9.9CVSS
8AI Score
0.009EPSS
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Impact The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add...
9CVSS
7.6AI Score
0.003EPSS
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Impact The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add...
9CVSS
7.6AI Score
0.003EPSS
"Free" Evil Dead Rise movie scam lurks in Amazon listings
Scammers are using a novel technique with Amazon listings to trick fans of Evil Dead into downloads they may not want, and expensive rolling payments they have no interest in. Evil Dead Rise, the breakout horror film of 2023, started with big cinema numbers and has moved on to a victory lap in...
6.9AI Score
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
9.9CVSS
9AI Score
0.009EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
9.9CVSS
8.4AI Score
0.009EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
8.8CVSS
9.9AI Score
0.009EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
8.8CVSS
9.1AI Score
0.009EPSS
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
9.9CVSS
10AI Score
0.009EPSS
XWiki Commons is the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for...
9CVSS
5.8AI Score
0.003EPSS
XWiki Commons is the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for...
9CVSS
7.7AI Score
0.003EPSS
XWiki Commons is the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for...
5.4CVSS
9.2AI Score
0.003EPSS
XWiki Commons is the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for...
5.4CVSS
5.9AI Score
0.003EPSS
XWiki Commons is the common modules used by other XWiki top-level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for...
9CVSS
9.4AI Score
0.003EPSS