Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1481

Malicious code in bioql PyPI...

9CVSS6.9AI score0.00652EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.7 views

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9CVSS5.6AI score0.00652EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/07/13 12:0 a.m.17 views

XWiki 4.2-milestone-1 < 14.6 XSS Vulnerability (GHSA-m3jr-cvhj-f35j)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9CVSS7.2AI score0.01153EPSS
Exploits1References1
NVD
NVD
added 2023/05/10 6:15 p.m.47 views

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9CVSS8.4AI score0.00652EPSS
Exploits0References3
CVE
CVE
added 2023/05/10 5:18 p.m.62 views

CVE-2023-32070

CVE-2023-32070 affects XWiki Platform’s HTML/XHTML rendering prior to version 14.6-rc-1, where dangerous attributes/attribute values were not checked, enabling XSS via attributes and link URLs in XWiki syntax. The issue is mitigated by upgrading to the fixed version (14.6-rc-1 or later); no publi...

9CVSS7AI score0.00652EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/05/10 5:18 p.m.34 views

CVE-2023-32070 Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting XSS attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9CVSS6.3AI score0.00652EPSS
Exploits0References5
Prion
Prion
added 2023/05/09 1:15 p.m.20 views

Cross site scripting

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

6.8CVSS8.9AI score0.00818EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/05/09 12:53 p.m.45 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9CVSS9.2AI score0.00818EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/04/18 11:1 p.m.30 views

CVE-2023-29525 Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the since parameter of the /xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration endpoint. This provides an XWik...

9.9CVSS10AI score0.77752EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/11/28 12:0 a.m.15 views

XWiki < 13.10.8, 14.x < 14.4.2, 14.5.x < 14.6 Uncontrolled Resource Consumption Vulnerability (GHSA-4x5r-6v26-7j4v)

Xwiki is prone to an uncontrolled resource consumption vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki...

7.5CVSS6.1AI score0.00518EPSS
Exploits0References1
Rows per page
Query Builder