XWiki Platform Code Injection Vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in the XWiki Platform that originates from the execution of arbitrary script macros, including Groovy and Python macros that can cause remot...

PT-2023-26178 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 5.1-rc-1 through 14.10.7 XWiki Platform versions 15.3-rc-1 and earlier Description: The issue allows any user who can edit their own user profile to execute arbitrary script macros, including Groovy and Python macros,...

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

XWiki Platform 跨站请求伪造漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site request forgery vulnerability exists in XWiki Platform that stems from the presence of cross-site request forgery that allows remote execution of code via scri...

CVE-2023-36468

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

CVE-2023-36468 Upgrading doesn't prevent exploiting vulnerable XWiki documents

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it's still possible to exploit the...

CVE-2023-36468

CVE-2023-36468 affects XWiki Platform. The advisory describes that upgrading to a fixed version does not always prevent exploitation: appending rev=1.1 to the reproduction URL can still trigger remote code execution despite patches. Patches exist in XWiki 14.10.7 and 15.2RC1, which force old revi...

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An injection vulnerability exists in XWiki Platform versions 9.6-rc-1 through 14.10.6 and 15.0-rc-1 through 15.2-rc-1, which stems from the fact that any user who can edit...

PT-2023-4818 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.6 XWiki Platform versions prior to 15.2RC1 Description: The issue allows any user who can edit their own user profile and notification settings to execute arbitrary script macros, including Groovy and...

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki...

PT-2023-22301 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.2 XWiki Platform versions prior to 15.0RC1 Description: The issue allows any user who can edit their own user profile to...

XWiki Platform 注入漏洞

XWiki Platform is a suite of wiki platforms for creating web collaboration applications from the French company XWiki. XWiki Platform suffers from an injection vulnerability that originates from the execution of arbitrary script macros, including Groovy and Python macros that allow remote code...

PT-2022-6848 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.7 XWiki Platform versions prior to 15.2RC1 XWiki Platform versions prior to 13.10.6 XWiki Platform versions prior to 14.4 Description: The XWiki Platform has a vulnerability that allows remote code...