Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:34 a.m.4 views

CVE-2023-32069

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are n...

9.9CVSS6.9AI score0.00779EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/09/20 12:0 a.m.10 views

XWiki 13.2-rc-1 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.1 Multiple Vulnerabilities

Xwiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

6.5CVSS7.5AI score0.0055EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2024/08/02 12:0 a.m.13 views

XWiki 4.2-milestone-3 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.6, 16.0.0-rc-1 < 16.0.0 XSS Vulnerability (GHSA-wf3x-jccf-5g5g)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

6.4CVSS6.2AI score0.15804EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2024/08/02 12:0 a.m.15 views

XWiki 9.2-rc-1 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.2 RCE Vulnerability (GHSA-h63h-5c77-77p5)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9CVSS7.9AI score0.01057EPSS
Exploits0References1
NCSC
NCSC
added 2024/06/25 10:17 a.m.7 views

Vulnerability fixed in XWiki

The developers of XWiki have fixed a vulnerability in XWiki. The vulnerability is in the way documents are imported into articles. The document's permissions remain on the person importing the document, allowing anyone with permissions to the original document to perform actions with permissions...

9.9CVSS7.4AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.4 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in versions of XWiki Platform prior to 15.0-rc-1, which stems from the possibility that programming privileges may be inherited via include, which could le...

9.9CVSS6.7AI score0.00342EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.17 views

XWiki 5.0-rc-1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 Information Disclosure Vulnerability (GHSA-v782-xr4w-3vqx)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

6.8CVSS5.9AI score0.00376EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.18 views

XWiki < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-c2gg-4gq4-jv5j)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9CVSS6.5AI score0.73925EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.19 views

XWiki 5.2-milestone-2 < 14.10.20, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.10 RCE Vulnerability (GHSA-34fj-r5gq-7395)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9CVSS6.5AI score0.75575EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.48 views

XWiki 3.0.1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-hf43-47q4-fhq5)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

10CVSS7.8AI score0.02104EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.15 views

XWiki 12.0-rc-1 < 14.10.12, 15.0-rc-1 < 15.5 XSS Vulnerability (GHSA-qcj9-gcpg-4w2w)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.6CVSS7.3AI score0.05124EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.21 views

XWiki 3.5-milestone-1 < 14.10.8, 15.0-rc-1 < 15.3 XSS Vulnerability (GHSA-vcvr-v426-3m3m)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9CVSS7.3AI score0.01076EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.18 views

XWiki 9.4-rc-1 < 14.10.8, 15.0-rc-1 < 15.3 Information Disclosure Vulnerability (GHSA-gh64-qxh5-4m33)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

6.5CVSS6.6AI score0.00752EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.15 views

XWiki 5.1-rc-1 < 14.10.8, 15.0-rc-1 < 15.3 Privilege Escalation Vulnerability (GHSA-v2rr-xw95-wcjx)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

9.9CVSS7.3AI score0.01621EPSS
Exploits1References1
NVD
NVD
added 2023/06/23 7:15 p.m.19 views

CVE-2023-35155

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

8.8CVSS8.8AI score0.01496EPSS
Exploits1References2
Prion
Prion
added 2023/06/23 7:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

5.8CVSS6.3AI score0.01496EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/23 6:15 p.m.14 views

CVE-2023-35155 XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. For instance, the following URL execute an alter on the browser:...

8.8CVSS6.8AI score0.01496EPSS
Exploits1References2
Prion
Prion
added 2023/06/23 4:15 p.m.22 views

Information disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also...

4CVSS4.4AI score0.00554EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/20 4:45 p.m.29 views

XWiki Platform may retrieve email addresses of all users

Impact The mail obfuscation configuration was not fully taken into account and while the mail displayed to the end user was obfuscated: - the rest response was also containing the mail unobfuscated - user were able to filter and sort on the unobfuscated allowing to infer the mail content The...

7.5CVSS6.8AI score0.00961EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/05/09 5:46 p.m.20 views

GHSA-J9H5-VCGV-2JFM XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact It's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. To reproduce: add an attachment to a page for example, your user profile add...

9CVSS9.1AI score0.71143EPSS
Exploits0References6
Rows per page
Query Builder