4 matches found
XWiki 7.4-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.2 Code Injection Vulnerability (GHSA-p67q-h88v-5jgr)
XWiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...
CVE-2023-29521
creationtimestamp | type | source
---|---|---
2023-04-19 07:43:23+00:00 | seen | https://t.me/cibsecurity/62438...
CVE-2023-29521 Code injection from account/view through VFS Tree macro in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...
CVE-2023-29521
CVE-2023-29521 affects XWiki Platform. A vulnerability in the Macro.VFSTreeMacro allows any user with view rights to execute arbitrary Groovy, Python or Velocity code, granting full access to the XWiki installation. Root cause: improper escaping of the VFSTreeMacro. The page is not installed by d...