7 matches found
XWiki 3.5-milestone-1 < 14.10.9, 15.0 < 15.3 Information Disclosure Vulnerability (GHSA-g9w4-prf3-m25g)
XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-40572
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality,...
CVE-2023-40572
XWiki Platform is vulnerable to a CSRF-based privilege escalation leading to remote code execution via the create action when a user with script rights visits a crafted image. The issue arises because the create action can be triggered without a CSRF token, enabling script execution and compromis...
CVE-2023-40572 XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality,...
Obfuscated email addresses should not be sorted
Impact: The mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches: This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds: The workaround is t...
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails. This...
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails. This...