Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-9733

Malicious code in bioql PyPI...

7.7CVSS6.4AI score0.00369EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/05 7:28 p.m.18 views

CVE-2025-31487

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

7.7CVSS7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/04/04 2:20 p.m.10 views

GHSA-WC53-4255-GW3F The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...

7.7CVSS6.8AI score0.00369EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/04/04 2:20 p.m.22 views

The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

Impact If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a DOCTYPE pointing to a local file on the XWiki server host and displaying that file's content in one of the...

7.7CVSS6.8AI score0.00369EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/03 6:38 p.m.13 views

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

7.7CVSS6.9AI score0.00369EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/03 6:38 p.m.15 views

CVE-2025-31487 The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server

The XWiki JIRA extension provides various integration points between XWiki and JIRA macros, UI, CKEditor plugin. If the JIRA macro is installed, any logged in XWiki user could edit his/her user profile wiki page and use that JIRA macro, specifying a fake JIRA URL that returns an XML specifying a...

7.7CVSS0.00369EPSS
Exploits0References4
CVE
CVE
added 2025/04/03 6:38 p.m.76 views

CVE-2025-31487

The CVE-2025-31487 affects the XWiki JIRA extension. If the JIRA macro is installed, a logged-in user could abuse the macro to trigger a request that returns XML containing a DOCTYPE with an XXE payload, potentially displaying contents of local files on the XWiki server (e.g., in fields like summ...

7.7CVSS6.9AI score0.00369EPSS
Exploits0References4
Rows per page
Query Builder