3 matches found
CVE-2024-31996
CVE-2024-31996 affects XWiki Platform (XWiki Commons). The issue is improper escaping in the HTML escapetool used by XWiki, which fails to escape the “{” character, enabling syntax injection and remote code execution. Affected versions start at 3.0.1 and extend up to 4.10.19, 15.5.4, and 15.10-rc...
CVE-2024-31981
XWiki Platform has a remote code execution vulnerability (CVE-2024-31981) via PDF export templates. Affected versions are 3.0.1 up to 4.10.19, plus 15.5.x and 15.10-rc-1 before patches, with fixes in 4.10.20, 15.5.4, and 15.10-rc-1. If PDF templates are not used, an admin can create the XWiki.PDF...
PT-2024-24336 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.1 through 4.10.18 XWiki Platform versions 14.10.18 and earlier XWiki Platform versions 15.5.4 and earlier XWiki Platform version 15.10-rc-1 and earlier Description: The issue allows execution of arbitrary code on the...