CVE-2023-29210

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

XWiki 13.2-rc-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Code Injection Vulnerability (GHSA-p9mj-v5mf-m82x)

Xwiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

CVE-2023-29210 org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...

CVE-2023-29210

creationtimestamp| type| source ---|---|--- 2023-04-12 15:24:56+00:00| published-proof-of-concept| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x 2023-04-15 20:26:52+00:00| seen| https://t.me/cibsecurity/62235...