3 matches found
XWiki 14.3-rc-1 < 14.4.6, 14.5.x < 14.9 Exposed Dangerous Class Vulnerability (GHSA-8692-g6g9-gm5p)
Xwiki is prone to an exposed dangerous class vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-26478
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...
CVE-2023-26478
Summary: CVE-2023-26478 affects XWiki Platform. Starting with 14.3-rc-1, TemporaryAttachmentsScriptService#uploadTemporaryAttachment may return XWikiAttachment, which is not allowed to be exposed without the proper rights. Use com.xpn.xwiki.api.Attachment and rights checks instead. This has been ...