
82 matches found

Vulnrichment
added 2024/03/26 12:0 a.m. · 9 views

CVE-2023-50895

In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code...

AI score 7.6 · EPSS 0.00294
Exploits 0 · References 2
CVE
added 2024/03/26 12:0 a.m. · 41 views

CVE-2023-50895

CVE-2023-50895 affects Janitza GridVis up to version 9.0.66; exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject load functionality allow remote authenticated administrative users to execute arbitrary Groovy code. Exploitation context and technical details are su...

CVSS 7.2 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/03/26 12:0 a.m. · 2 views

PT-2024-13997 · Janitza · Gridvis

Name of the Vulnerable Software and Affected Versions: Janitza GridVis versions 9.0.66 and earlier Description: The issue allows remote authenticated administrative users to execute arbitrary Groovy code due to exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject...

CVSS 7.2 · AI score 7.8 · EPSS 0.00294
Exploits 0 · References 5
CNNVD
added 2024/03/26 12:0 a.m. · 2 views

Janitza GridVis security vulnerability

Janitza GridVis is a grid monitoring software from Janitza. A security vulnerability exists in Janitza GridVis version 9.0.66 and prior versions. An attacker can exploit this vulnerability to execute arbitrary Groovy code...

CVSS 7.2 · AI score 7.2 · EPSS 0.00294
Exploits 0 · References 3
Cvelist
added 2023/11/07 7:10 p.m. · 18 views

CVE-2023-46243 Code execution via the edit action in XWiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user has edit right on it. A crafted URL of the form...

CVSS 9.9 · AI score 9.8 · EPSS 0.07479
Exploits 0 · References 3
Vulnrichment
added 2023/11/07 7:10 p.m. · 21 views

CVE-2023-46243 Code execution via the edit action in XWiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user has edit right on it. A crafted URL of the form...

CVSS 9.9 · AI score 7.4 · EPSS 0.07479
Exploits 0 · References 3
Prion
added 2023/11/06 7:15 p.m. · 13 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet ...

CVSS 7.5 · AI score 7.3 · EPSS 0.57465
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2023/10/26 12:0 a.m. · 1 view

PT-2023-9238 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 7.2-rc-1 through 4.10.19 XWiki Platform versions 15.5.3 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The issue is related to the execution of arbitrary code in the XWiki Platform due to improper...

CVSS 9.9 · AI score 8.4 · EPSS 0.60063
Exploits 1 · References 19
CNNVD
added 2023/04/18 12:0 a.m. · 1 view

XWiki Platform injection vulnerability

XWiki Platform is a suite of wiki platforms for creating web collaboration applications from XWiki France. An injection vulnerability exists in XWiki Platform, which arises from the ability of a user without scripting or programming privileges to edit a user profile or any other document and add...

CVSS 9.9 · AI score 8.1 · EPSS 0.09755
Exploits 1 · References 4
Positive Technologies
added 2023/04/18 12:0 a.m. · 1 view

PT-2023-22295 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.1 XWiki Platform versions prior to 15.0-rc-1 Description: The issue allows any user with edit rights on a page to execute...

CVSS 9.9 · AI score 8.7 · EPSS 0.29358
Exploits 1 · References 10
CNNVD
added 2023/04/18 12:0 a.m. · 1 view

XWiki Platform injection vulnerability

XWiki Platform is a suite of Wiki platforms for creating collaborative web applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability, which stems from improper escaping of Invitation.InvitationCommon, that allows any user with view privileges to execute...

CVSS 9.9 · AI score 8.3 · EPSS 0.29358
Exploits 1 · References 5
Vulnrichment
added 2023/04/16 6:34 a.m. · 5 views

CVE-2023-29211 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...

CVSS 9.9 · AI score 9.6 · EPSS 0.07811
Exploits 1 · References 3
CNNVD
added 2023/04/16 12:0 a.m. · 1 view

XWiki Commons code injection vulnerability

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with editing privileges can execute arbitrary Groovy, Python, or Velocity code in XWiki to gain full access to the XWiki...

CVSS 9.9 · AI score 8.3 · EPSS 0.07739
Exploits 1 · References 4
CNNVD
added 2023/04/16 12:0 a.m. · 1 view

XWiki Platform code injection vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from the ability of any user to execute arbitrary Groovy, Python or Velocity code in XWiki...

CVSS 9.9 · AI score 8.4 · EPSS 0.29358
Exploits 1 · References 4
Positive Technologies
added 2023/03/07 12:0 a.m. · 1 view

PT-2023-21155 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.7 XWiki Platform versions prior to 14.10-rc-1 Description: The issue allows any user with view rights to execute arbitrary Groovy, Python, or Velocity code in...

CVSS 9.9 · AI score 9.4 · EPSS 0.1486
Exploits 1 · References 9
Positive Technologies
added 2023/03/02 12:0 a.m. · 1 view

PT-2023-20665 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.10 through 14.4.6 XWiki Platform versions 13.10 through 13.10.10 XWiki Platform versions 14.0 through 14.4.6 Description: The issue allows an attacker to use the rights of an existing document content author to...

CVSS 9.9 · AI score 8.7 · EPSS 0.02071
Exploits 1 · References 9
SUSE CVE
added 2023/02/15 4:35 a.m. · 2 views

SUSE CVE-2017-1000403

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVSS 8.8 · AI score 8.8 · EPSS 0.00097
Exploits 0 · References 3
Positive Technologies
added 2022/09/08 12:0 a.m. · 1 view

PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki

Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5 XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3 Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...

CVSS 9.9 · AI score 8.8 · EPSS 0.21705
Exploits 1 · References 10
OSV
added 2022/05/13 1:41 a.m. · 9 views

GHSA-5532-PRRF-RF5X Arbitrary code execution vulnerability in Jenkins Speaks! Plugin

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVSS 8.8 · AI score 8.7 · EPSS 0.00097
Exploits 0 · References 2
Github Security Blog
added 2022/05/13 1:41 a.m. · 12 views

Arbitrary code execution vulnerability in Jenkins Speaks! Plugin

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...

CVSS 8.8 · AI score 7 · EPSS 0.00097
Exploits 0 · References 3 · Affected Software 1