26 matches found
CVE-2024-26138 License information is public, exposing instance id and license holder details
The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...
XWiki Platform Information Disclosure Vulnerability
XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. An information disclosure vulnerability exists in XWiki Platform, which stems from a Solr-based search in XWiki disclosing a user's e-mail address even if e-mail address obfuscation is...
CVE-2023-38509
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This...
CVE-2023-38509
CVE-2023-38509 affects XWiki Platform’s livetable-ui component (org.xwiki.platform:xwiki-platform-livetable-ui). Versions 3.5-milestone-1 through but not including 14.10.9 and 15.3-rc-1 expose a mail obfuscation configuration that was not fully applied, allowing obfuscated emails to be accessed. ...
Email Address Obfuscated Within HTML Comments
Binary data 4710.prm...
RevoBoard [email] tag XSS
Revoboard php is based on an earlier version of PunBB. I know for sure that this affects v1.8. The email tag parser obsfucates emails to stop harvesters. To execute code, do this: php $code = ''" onMouseover="javascript:alert/xss/"'; for$a=0;$astrlen$code;$a++ $c = ordsubstr$code,$a,1; $c +=...