Lucene search
K

20 matches found

Nuclei
Nuclei
added 10 hours ago50 views

XWiki >= 2.5-milestone-2 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02268EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/10/25 9:7 p.m.29 views

XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro

Impact The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...

9.9CVSS7.6AI score0.01247EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2023/10/25 6:17 p.m.29 views

Remote code execution

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...

6.5CVSS8.9AI score0.01247EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/06/23 7:15 p.m.45 views

CVE-2023-35158

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02048EPSS
Exploits0References4
NVD
NVD
added 2023/06/23 7:15 p.m.48 views

CVE-2023-35159

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02182EPSS
Exploits0References4
NVD
NVD
added 2023/06/23 7:15 p.m.40 views

CVE-2023-35162

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.3AI score0.02377EPSS
Exploits0References4
Prion
Prion
added 2023/06/23 7:15 p.m.24 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...

5.8CVSS6.2AI score0.02268EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/06/23 7:15 p.m.19 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

5.8CVSS6.2AI score0.02182EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/06/23 7:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

5.8CVSS6.2AI score0.02048EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/23 6:52 p.m.13 views

CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02377EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/06/23 6:52 p.m.49 views

CVE-2023-35162 XPlatform Wiki vulnerable to cross-site scripting via xcontinue parameter in preview actions template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as:...

9.6CVSS9.5AI score0.02377EPSS
Exploits0References4
OSV
OSV
added 2023/06/23 6:51 p.m.36 views

CVE-2023-35161 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.2AI score0.02377EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/06/23 6:34 p.m.15 views

CVE-2023-35159 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02182EPSS
Exploits0References4
OSV
OSV
added 2023/06/23 6:26 p.m.27 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.2AI score0.02048EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/06/23 6:26 p.m.13 views

CVE-2023-35158 XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.7AI score0.02048EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/22 7:59 p.m.37 views

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template

Impact Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alertdocument.domain This vulnerability exists sin...

9.6CVSS6.8AI score0.02182EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.16 views

XWiki 8.1-milestone-1 < 14.10.5, 15.x < 15.1 Privilege Escalation Vulnerability (GHSA-h7cw-44vp-jq7h)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

9.9CVSS7.3AI score0.6312EPSS
Exploits1References1
NVD
NVD
added 2023/06/20 8:15 p.m.38 views

CVE-2023-35166

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

9.9CVSS9.6AI score0.6312EPSS
Exploits1References3
Prion
Prion
added 2023/06/20 8:15 p.m.18 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5...

6.5CVSS8.7AI score0.6312EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/20 7:55 p.m.27 views

XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel

Impact It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. To reproduce: Add an object of type UIExtensionClass Set "Extension Point ID" to org.xwiki.platform.help.tipsPanel Set "Extension ID" to org.xwiki.platform.user.test needs to be...

9.9CVSS10AI score0.6312EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder