8 matches found
CVE-2022-36094
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...
GHSA-MXF2-4R22-5HQ9 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
Impact It's possible to store a JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. For example, attachment a file with name .jpg will execute the alert. Patches This issue has been patched in XWiki 13.10.6 and 14.3RC1. Workarounds I...
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
Impact It's possible to store a JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. For example, attachment a file with name .jpg will execute the alert. Patches This issue has been patched in XWiki 13.10.6 and 14.3RC1. Workarounds I...
CVE-2022-36094
CVE-2022-36094 affects XWiki Platform Web Parent POM. The issue allows storing JavaScript that is executed when anyone views the history of an attachment whose name contains javascript, for versions starting from 1.0 up to but not including 13.10.6 and 14.30-rc-1. The vulnerability is mitigated b...
CVE-2022-36094 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...
CVE-2022-36094 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...
CVE-2022-36094 XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it's possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascri...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in the XWiki Platform Web Parent POM prior to version 13.10.6 and prior to version 14.30-rc-1, which stems from the ability to store JavaScript th...