12 matches found
CVE-2024-21651
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...
CVE-2024-21648
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection; a user can roll back to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection; a user can roll back to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from a lack of privilege protection for rollback operations. Affected products and versions: XWiki Platform versions prior to...
CVE-2024-21648 XWiki has no right protection on rollback action
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection; a user can roll back to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...
CVE-2024-21648 XWiki has no right protection on rollback action
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection; a user can roll back to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17,...
CVE-2024-21650
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
CVE-2024-21650 XWiki Remote Code Execution vulnerability via user registration
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the...
PT-2024-18996 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.17; XWiki Platform versions prior to 15.5.3; XWiki Platform versions prior to 15.8-rc-1. Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of...
PT-2024-18999 · Xwiki +1 · Xwiki Platform +2
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.18; XWiki Platform versions prior to 15.5.3; XWiki Platform versions prior to 15.8 RC1. Description: A user able to attach a file to a page can post a malformed TAR file by manipulating file modification...
XWiki Platform Security Vulnerability
XWiki Platform is the XWiki Foundation's suite of wiki platforms for creating collaborative web applications. A security vulnerability exists in XWiki Platform that stems from a remote code execution (RCE) vulnerability in the user registration function. Affected products and versions: XWiki Platfo...
CVE-2021-39181
OpenOlat is a web-based learning management system (LMS). Prior to versions 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course), any class on the Java classpath can be instantiated, including Spring AOP bean factories. This can be used to execute arbitrary code by the...