Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2140

Malicious code in bioql PyPI...

9.9CVSS6.4AI score0.00342EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/06/24 6:0 p.m.30 views

XWiki programming rights may be inherited by inclusion

Impact The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include macro...

9.9CVSS7AI score0.00342EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2024/06/24 5:15 p.m.46 views

CVE-2024-38369

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using include reference="targetdocument"/ is executed with the right of the includer and not with the right of its author. This means that any user able to...

9.9CVSS0.00342EPSS
Exploits0References1
OSV
OSV
added 2023/10/25 9:2 p.m.4 views

GHSA-663W-2XP3-5739 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

Impact The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like commen...

9.6CVSS6.2AI score0.01058EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/10/25 4:53 p.m.18 views

CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

9CVSS6.6AI score0.01058EPSS
Exploits1References4
OSV
OSV
added 2023/10/25 4:53 p.m.33 views

CVE-2023-37908 org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

9CVSS8.6AI score0.01058EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/06/20 4:45 p.m.31 views

XWiki Platform's tags on non-viewable pages can be revealed to users

Impact Tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. Patches This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. Workarounds There is no workaround...

4.3CVSS6.5AI score0.00554EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/05/09 1:15 p.m.21 views

Cross site scripting

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

6.8CVSS8.9AI score0.00818EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/19 12:15 a.m.39 views

CVE-2023-29510

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged...

9.9CVSS9.7AI score0.01864EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/18 11:4 p.m.34 views

CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...

9.9CVSS9.7AI score0.76297EPSS
Exploits1References3
Rows per page
Query Builder