10 matches found
org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
Impact: A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. Patches: The vulnerability...
CVE-2023-29519
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...
Remote code execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...
CVE-2023-29519
CVE-2023-29519 affects XWiki Platform. A registered user can achieve remote code execution and privilege escalation by injecting code into the "property" field of an AttachmentSelector gadget on their dashboard. The vulnerability does not affect wiki comments. It has been patched in XWiki version...
CVE-2023-29519 Code injection in org.xwiki.platform:xwiki-platform-attachment-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...
PT-2023-8604 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.8; XWiki Platform versions prior to 14.10.1; XWiki Platform versions prior to 15.0-rc-1. Description: The issue exists due to improper escaping in the "Cancel and...
XWiki Platform Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. XWiki Platform suffers from an injection vulnerability that originates from a registered user being able to perform remote code execution by injecting appropriate code into the property fiel...
PT-2023-8600 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.8; XWiki Platform versions prior to 14.10.2; XWiki Platform versions prior to 15.0-rc-1. Description: The issue exists due to the lack of measures to neutralize...
XWiki Platform Injection Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from XWiki France. XWiki Platform suffers from an injection vulnerability, which stems from improper escaping in the Cancel and return to page buttons, that allows any user with view rights to...
CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...