8 matches found
CVE-2025-52472
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
XWiki Platform is vulnerable to HQL injection via wiki and space search REST API
Impact The REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can b...
CVE-2025-52472
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
CVE-2025-52472
Summary of CVE-2025-52472 (XWiki Platform) XWiki Platform is vulnerable to a Hibernate Query Language (HQL) injection in the wiki/space REST search API via the orderField parameter. The issue arises because the parameter value is inadvertently added twice in the generated query (once in the selec...
CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...
PT-2025-40901
Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.3-milestone-1 through 16.10.8 XWiki Platform versions 17.4.0 through 17.4.1 XWiki Platform versions 17.5.0 Description The XWiki Platform, a generic wiki platform, contains a flaw in the REST search URL. The orderFiel...