XWiki Platform Code Injection Vulnerability
XWiki Platform is a wiki platform from the French company XWiki for creating web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrect escaping of macro content and menu macro parameters, which can be exploited to execute...
CVE-2022-41934 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
PT-2022-26165 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.8; XWiki Platform versions prior to 14.4.3; XWiki Platform versions prior to 14.6RC1. Description: The XWiki Platform is vulnerable to arbitrary code execution due to improper escaping of the macro content...
CVE-2022-3958
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks...
CVE-2022-3893
Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application...
CVE-2022-3958 Potential XSS on personal menu navigation
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks...
November 15, 2022—KB5019157 (OS Build 22000.1281) Preview
November 15, 2022—KB5019157 (OS Build 22000.1281) Preview. 11/8/22 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B”...
PT-2022-24980 · Bluespice · Bluespice
Name of the Vulnerable Software and Affected Versions: BlueSpice (affected versions not specified). Description: The issue allows a user with a regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users, enabling targeted attacks...
PT-2022-24619 · Bluespice · Bluespice
Name of the Vulnerable Software and Affected Versions: BlueSpice (affected versions not specified). Description: The issue allows a user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application, which is a result of a Cross-site Scripting (XSS) vulnerability i...
BlueSpice Cross-Site Scripting Vulnerability
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. BlueSpice suffers from a cross-site scripting vulnerability that stems from its BlueSpiceCustomMenu extension that allows users with administrative privileges to inject arbitrary HTML into the application's custom menu...
CVE-2022-3776
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2022-2696
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...
Cross site request forgery (csrf)
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2022-3776 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2022-2696
The CVE affects the WordPress plugin The Restaurant Menu – Food Ordering System – Table Reservation (versions up to 2.3.0). Root cause: missing capability checks and missing nonce validation in multiple AJAX actions, enabling authorization bypass. Impact: authenticated attackers with minimal priv...
CVE-2022-2696 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...