Lucene search

4 matches found

OpenVAS
added 2023/07/25 12:0 a.m. | 18 views

XWiki 7.4-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.2 Code Injection Vulnerability (GHSA-p67q-h88v-5jgr)

XWiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki"; if(description)...

CVSS 8.8 | AI score 8.7 | EPSS 0.01131
Exploits: 1 | References: 1
Circl
added 2023/04/19 7:43 a.m. | 6 views

CVE-2023-29521

creationtimestamp | type | source
---|---|---
2023-04-19 07:43:23+00:00 | seen | https://t.me/cibsecurity/62438...

CVSS 8.8 | AI score 8.1 | EPSS 0.01131
Exploits: 1 | References: 1
Vulnrichment
added 2023/04/18 11:36 p.m. | 9 views

CVE-2023-29521 Code injection from account/view through VFS Tree macro in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

CVSS 8.4 | AI score 8.8 | EPSS 0.01131
Exploits: 1 | References: 3
CVE
added 2023/04/18 11:36 p.m. | 53 views

CVE-2023-29521

CVE-2023-29521 affects XWiki Platform. A vulnerability in the Macro.VFSTreeMacro allows any user with view rights to execute arbitrary Groovy, Python or Velocity code, granting full access to the XWiki installation. Root cause: improper escaping of the VFSTreeMacro. The page is not installed by d...

CVSS 8.8 | AI score 8.8 | EPSS 0.01131
Exploits: 1 | References: 3 | Affected Software: 1