52 matches found
CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that if the last author of a page's content has scripting privileges, a user without scripting privileges can use the Live Data macro to...
GHSA-32FQ-M2Q5-H83G XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
Impact A user without script rights can introduce a stored XSS by using the Live Data macro. For instance: liveData id="movies" properties="title,description" "data": "count": 1, "entries": "title": "Meet John Doe", "url": "https://www.imdb.com/title/tt0033891/", "description": "" , "meta":...
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
Impact A user without script rights can introduce a stored XSS by using the Live Data macro. For instance: liveData id="movies" properties="title,description" "data": "count": 1, "entries": "title": "Meet John Doe", "url": "https://www.imdb.com/title/tt0033891/", "description": "" , "meta":...
CVE-2023-26480
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
Cross site scripting
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from the ability of a user without scripting privileges to use live data macros to cause stored cross-site scripting...
CVE-2022-43469
Cross-Site Request Forgery CSRF vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data plugin = 1.7.0.6 versions...
CVE-2022-43469
Cross-Site Request Forgery CSRF vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data plugin = 1.7.0.6 versions...
CVE-2022-43469
CVE-2022-43469 affects the WordPress plugin “Orchestrated Corona Virus (COVID-19) Banner & Live Data” up to version 1.7.0.6, which is vulnerable to Cross-Site Request Forgery (CSRF). The Red Hat/NVD entries, Patchstack, PT-2023-14218 and other sources confirm CSRF with no patches available from t...
WordPress Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Corona Virus COVID-19 Banner & Live Data plugin versions = 1.7.0.6. Solution No patched version is available. No reply from the vendor...
Sql injection
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
CVE-2020-8521
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
CVE-2020-8519
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...
SAP Business Objects Business Intelligence Platform Access Control Error Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. An access control error vulnerability exists in SAP Business Objects...
CVE-2020-6242
SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...
Authentication flaw
SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...