
16 matches found

Tenable Nessus
added 2026/04/16 12:0 a.m. · 3 views

Drupal 10.5.x < 10.5.9 / 10.6.x < 10.6.7 / 11.2.x < 11.2.11 / 11.3.x < 11.3.7 Multiple Vulnerabilities (drupal-2026-04-15)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.5.x prior to 10.5.9, 10.6.x prior to 10.6.7, 11.2.x prior to 11.2.11, or 11.3.x prior to 11.3.7. It is, therefore, affected by multiple vulnerabilities. - Drupal core's jQuery integration for AJA...

CVSS 6.6 · AI score 6.1 · EPSS 0.00052
Exploits 0 · References 12

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-45202

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00197
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-0368

Malicious code in bioql PyPI...

CVSS 9 · AI score 8.7 · EPSS 0.0113
Exploits 1 · References 5

Tenable Nessus
added 2025/09/02 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-22457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection...

CVSS 9 · AI score 7.6 · EPSS 0.0113
Exploits 1 · References 2

Prion
added 2023/06/30 7:15 p.m. · 14 views

Cross site scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the 'CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

CVSS 4.9 · AI score 5.4 · EPSS 0.02727
Exploits 1 · References 4 · Affected Software 2

Cvelist
added 2023/06/30 6:57 p.m. · 15 views

CVE-2023-36477 Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the 'CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

CVSS 9 · AI score 9.2 · EPSS 0.02727
Exploits 1 · References 4

OSV
added 2023/04/12 8:35 p.m. · 16 views

GHSA-9PC2-X9QF-7J2Q org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability

Impact: Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the...

CVSS 9.9 · AI score 9.3 · EPSS 0.18932
Exploits 1 · References 5

Positive Technologies
added 2023/04/12 12:0 a.m. · 1 views

PT-2023-4805 · Ckeditor +1 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 13.10.11; XWiki versions prior to 14.4.7; XWiki versions prior to 14.10. Description: The issue allows any user with view rights on commonly accessible documents, including the legacy notification activity macro, to execu...

CVSS 10 · AI score 8.8 · EPSS 0.18932
Exploits 1 · References 10

NVD
added 2023/01/04 3:15 p.m. · 11 views

CVE-2023-22457

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with...

CVSS 9 · AI score 9.4 · EPSS 0.0113
Exploits 1 · References 3

UbuntuCve
added 2023/01/04 3:15 p.m. · 29 views

CVE-2023-22457

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with...

CVSS 9 · AI score 7.6 · EPSS 0.0113
Exploits 1 · References 4

OSV
added 2023/01/04 3:15 p.m. · 3 views

UBUNTU-CVE-2023-22457

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with...

CVSS 9 · AI score 6.5 · EPSS 0.0113
Exploits 1 · References 5

Vulnrichment
added 2023/01/04 2:24 p.m. · 5 views

CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with...

CVSS 9 · AI score 9.6 · EPSS 0.0113
Exploits 1 · References 3

Cvelist
added 2023/01/04 2:24 p.m. · 16 views

CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros with the rights of the current user. If a privileged user with...

CVSS 9 · AI score 9.6 · EPSS 0.0113
Exploits 1 · References 3

Positive Technologies
added 2023/01/04 12:0 a.m. · 3 views

PT-2023-4802 · Unknown · Ckeditor Integration Ui +1

Name of the Vulnerable Software and Affected Versions: CKEditor Integration UI versions prior to 1.64.3; XWiki Platform versions prior to 14.6 RC1. Description: The issue is related to insufficient authentication checks for executed requests in the CKEditor integration interface of the XWiki...

CVSS 10 · AI score 9.3 · EPSS 0.0113
Exploits 1 · References 12

OSV
added 2022/10/19 12:0 p.m. · 1 views

GHSA-67JP-27JJ-6X85 Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Frontend Editor CKEditor Web before 5.0.46 from Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject...

CVSS 6.1 · AI score 6 · EPSS 0.00197
Exploits 0 · References 7

Github Security Blog
added 2022/10/19 12:0 p.m. · 2 views

Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Frontend Editor CKEditor Web before 5.0.46 from Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject...

CVSS 6.1 · AI score 6.1 · EPSS 0.00197
Exploits 0 · References 7 · Affected Software 2