CVE-2024-31986

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an...

CVE-2024-31986 XWiki Platform CSRF remote code execution through scheduler job's document reference

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an XWiki.SchedulerJobClass XObject, it is possible to execute arbitrary code on the server whenever an...

a-blog cms 安全漏洞

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in versions of a-blog cms before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, before Ver.2.10.53, which originated from a vulnerability that could allow an attacker to log in to the product and execute...

PT-2024-24336 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1 through 4.10.18 XWiki Platform versions 14.10.18 and earlier XWiki Platform versions 15.5.4 and earlier XWiki Platform version 15.10-rc-1 and earlier Description: The issue allows execution of arbitrary code on the...