4 matches found
XWiki 15.3-rc-1 < 15.10.14, 16.0.0-rc-1 < 16.4.6, 16.5.0-rc-1 < 16.10.0 Missing Authorization Vulnerability (GHSA-f9c6-2f9p-82jj)
Xwiki is prone to a missing authorization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2025-46557
creationtimestamp| type| source ---|---|--- 2025-04-30 19:13:38+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14128 2025-04-30 22:05:57+00:00| seen| https://t.me/cvedetector/24131...
CVE-2025-46557 Any user with view access to the XWiki space can change the authenticator
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space by default, anyone can access the page XWiki.Authentication.Administrati...
CVE-2025-46557 Any user with view access to the XWiki space can change the authenticator
XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space by default, anyone can access the page XWiki.Authentication.Administrati...