27 matches found

CNNVD
added 2023/04/16 12:0 a.m. | 2 views

XWiki Commons code injection vulnerability

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with editing privileges can execute arbitrary Groovy, Python, or Velocity code in XWiki to gain full access to the XWiki...

CVSS 9.9 | AI score 8.3 | EPSS 0.07739
Exploits: 1 | References: 4
CNNVD
added 2023/04/16 12:0 a.m. | 1 views

XWiki Platform code injection vulnerability

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that originates from the ability of any user to execute arbitrary Groovy, Python or Velocity code in XWiki...

CVSS 9.9 | AI score 8.4 | EPSS 0.29358
Exploits: 1 | References: 4
Positive Technologies
added 2023/03/07 12:0 a.m. | 3 views

PT-2023-21155 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.7; XWiki Platform versions prior to 14.10-rc-1. Description: The issue allows any user with view rights to execute arbitrary Groovy, Python, or Velocity code in...

CVSS 9.9 | AI score 9.4 | EPSS 0.1486
Exploits: 1 | References: 9
Github Security Blog
added 2022/11/21 10:36 p.m. | 44 views

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui

Impact: Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The URL...

CVSS 9.9 | AI score 8.9 | EPSS 0.18932
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2022/09/08 9:15 p.m. | 18 views

Design/Logic Flaw

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

CVSS 6.5 | AI score 8.1 | EPSS 0.08275
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2022/09/08 9:10 p.m. | 22 views

CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

CVSS 9.9 | AI score 8.9 | EPSS 0.08275
Exploits: 1 | References: 3
Positive Technologies
added 2022/09/08 12:0 a.m. | 3 views

PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki

Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5; XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3. Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...

CVSS 9.9 | AI score 8.8 | EPSS 0.21705
Exploits: 1 | References: 10