9 matches found
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper management of user rights. The following versions are affected: versions 13.10.4 through 14.0-rc-1, 14.2 through...
XWiki 14.0-rc-1 < 14.4.8, 14.5 < 14.10.4 Privilege Escalation Vulnerability (GHSA-rwwx-6572-mp29)
Xwiki is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescripti...
XWiki 2.5-milestone-2 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.1 Information Disclosure Vulnerability (GHSA-m3c3-9qj7-7xmx)
Xwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
XWiki 10.11.1 < 13.10.11, 14.0-rc-1 < 14.4.8, 14.5 < 14.10.3 Privilege Escalation Vulnerability (GHSA-gpq5-7p34-vqx5)
Xwiki is prone to an privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
XWiki 6.0-rc-1 < 13.10.10, 14.0-rc-1 < 14.4.4, 14.5 < 14.8 Open Redirect Vulnerability (GHSA-xwph-x6xj-wggv)
Xwiki is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...
CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...
CVE-2022-36097 XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...
Cross-site Scripting in wiki manager join wiki page
Impact We found a possible XSS vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Workarounds The easiest workaround is to edit the wiki page WikiManager.JoinWiki with wiki editor and chan...