4 matches found
XWiki 13.9-rc-1 < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.7 Information Disclosure Vulnerability (GHSA-vvp7-r422-rx83)
Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2022-24820 Unauthenticated user can list hidden document from multiple velocity templates
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...
CVE-2022-24820 Unauthenticated user can list hidden document from multiple velocity templates
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and...
PT-2022-16900 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 12.10.11 XWiki Platform versions prior to 13.4.4 XWiki Platform versions prior to 13.9-rc-1 Description: A guest user without the right to view pages of the wiki can still list documents by rendering some...