6 matches found
CVE-2023-29507
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
EUVD-2023-1368
Malicious code in bioql PyPI...
Design/Logic Flaw
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
CVE-2023-29507 org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking...
CVE-2023-29507
XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...
XWiki Commons 安全漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the Document script API directly returning a DocumentAuthors allowing any author of a document to be set...