Lucene search
K

9 matches found

CNNVD
CNNVD
added 2024/07/31 12:0 a.m.8 views

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper management of user rights. The following versions are affected: versions 13.10.4 through 14.0-rc-1, 14.2 through...

4.3CVSS6.5AI score0.00398EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2023/11/16 12:0 a.m.17 views

XWiki 14.0-rc-1 < 14.4.8, 14.5 < 14.10.4 Privilege Escalation Vulnerability (GHSA-rwwx-6572-mp29)

Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...

8.1CVSS8.1AI score0.00573EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/07/26 12:0 a.m.18 views

XWiki 2.5-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 Information Disclosure Vulnerability (GHSA-m3c3-9qj7-7xmx)

Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

7.5CVSS7.2AI score0.0101EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/07/13 12:0 a.m.18 views

XWiki 10.11.1 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.3 Privilege Escalation Vulnerability (GHSA-gpq5-7p34-vqx5)

Xwiki is prone to an privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.9CVSS8.7AI score0.01144EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/07/13 12:0 a.m.13 views

XWiki 6.0-rc-1 < 13.10.10, 14.0-rc-1 < 14.4.4, 14.5 < 14.8 Open Redirect Vulnerability (GHSA-xwph-x6xj-wggv)

Xwiki is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

6.1CVSS6.4AI score0.01756EPSS
Exploits1References1
Prion
Prion
added 2023/03/02 7:15 p.m.12 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

5CVSS7.5AI score0.00855EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/03/02 6:37 p.m.28 views

CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

5.7CVSS7.3AI score0.00855EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2022/09/08 8:35 p.m.8 views

CVE-2022-36097 XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

8.9CVSS8.9AI score0.57388EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/25 10:41 p.m.47 views

Cross-site Scripting in wiki manager join wiki page

Impact We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page WikiManager.JoinWiki with wiki editor and chan...

7.4CVSS5.7AI score0.00921EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder