8 matches found
XWiki 5.1-rc-1 < 14.10.8, 15.0-rc-1 < 15.3 Privilege Escalation Vulnerability (GHSA-v2rr-xw95-wcjx)
Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...
XWiki 9.4-rc-1 < 14.10.8, 15.0-rc-1 < 15.3 Information Disclosure Vulnerability (GHSA-gh64-qxh5-4m33)
Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
XWiki 3.5-milestone-1 < 14.10.9, 15.0 < 15.3 Information Disclosure Vulnerability (GHSA-g9w4-prf3-m25g)
Xwiki is prone to a information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
XWiki 3.5-milestone-1 < 14.10.8, 15.0-rc-1 < 15.3 XSS Vulnerability (GHSA-vcvr-v426-3m3m)
Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
Obfuscated email addresses should not be sorted
Impact The mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. See https://jira.xwiki.org/browse/XWIKI-20601 for the reproduction steps. Patches This has been patched in XWiki 14.10.9, and XWiki 15.3-rc-1. Workarounds The workaround is t...
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...
CVE-2023-38509 XWiki Platform's obfuscated email addresses should not be sorted
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...
PT-2023-8490 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.5-milestone-1 through 14.10.8 XWiki Platform versions 15.3-rc-1 and earlier Description: The issue is related to the disclosure of information in the error data area of the XWiki Platform, specifically in the...