Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1273

Malicious code in bioql PyPI...

9CVSS5.6AI score0.00942EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.6 views

CVE-2023-26478

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...

8.1CVSS6.8AI score0.0067EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/07/13 12:0 a.m.13 views

XWiki 3.0-milestone-1 < 14.9 XSS Vulnerability (GHSA-cmvg-w72j-7phx)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9CVSS6AI score0.00942EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/04/15 3:41 p.m.40 views

CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins

XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...

9CVSS9.3AI score0.00942EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/04/12 8:38 p.m.24 views

org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins

Impact There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate...

9CVSS5.5AI score0.00942EPSS
Exploits1References7Affected Software1
OpenVAS
OpenVAS
added 2023/03/06 12:0 a.m.19 views

XWiki 14.3-rc-1 < 14.4.6, 14.5.x < 14.9 Exposed Dangerous Class Vulnerability (GHSA-8692-g6g9-gm5p)

Xwiki is prone to an exposed dangerous class vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

8.1CVSS7.3AI score0.0067EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/03/06 12:0 a.m.21 views

XWiki 6.2.4 < 13.10.10, 14.x < 14.4.6, 14.5.x < 14.9 Eval Injection Vulnerability (GHSA-x2qm-r4wx-8gpg)

Xwiki is prone to an eval injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

10CVSS7.3AI score0.74757EPSS
Exploits1References3
NVD
NVD
added 2023/03/02 6:15 p.m.41 views

CVE-2023-26478

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptServiceuploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right...

8.1CVSS7.1AI score0.0067EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/02 5:52 p.m.37 views

CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter URL parameter, in combination with additional parameters. This has been...

10CVSS9.6AI score0.74757EPSS
Exploits1References3
OSV
OSV
added 2023/03/02 5:20 p.m.35 views

CVE-2023-26479 org.xwiki.platform:xwiki-platform-rendering-parser vulnerable to Improper Handling of Exceptional Conditions

XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages becomes unusable, including the user index if the page containing the faulty content is a user page and t...

6.5CVSS6.5AI score0.01083EPSS
Exploits1References5
Rows per page
Query Builder