XWiki 1.1.2 < 14.10.21, 15.0 < 15.5.5, 15.6 < 15.10.6 XSS Vulnerability (GHSA-wcg9-pgqv-xm5v)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki 4.2-milestone-3 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.6, 16.0.0-rc-1 < 16.0.0 XSS Vulnerability (GHSA-wf3x-jccf-5g5g)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

XWiki 13.10.4 < 14.10.21, 15.0 < 15.5.5, 15.6-rc-1 < 15.10.6 Missing Authorization Vulnerability (GHSA-33gp-gmg3-hfpq)

Xwiki is prone to a missing authorization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

CVE-2024-37898 XWiki Platform vulnerable to document deletion and overwrite from edit

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the pag...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper management of user rights. The following versions are affected: versions 13.10.4 through 14.0-rc-1, 14.2 through...

CVE-2024-37899 Disabling a user account changes its author, allowing RCE from user account in XWiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable...

XWiki Platform Code Injection Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 14.10.21, 15.5.5, 15.10.6, and 16.0.0, which stems from the fact that disabling a user account changes its author,...

Catalyst Mahara Access Control Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 prior to 15.04.10, 15.10 prior to 15.10.6, and 16.04 prior to 16.04.4 that stems fro...