Lucene search
+L

107 matches found

CVE
CVE
added 2025/11/19 5:41 p.m.19 views

CVE-2025-65089

CVE-2025-65089 affects XWiki Remote Macros. Prior to version 1.27.0, a user with no view rights on a page could see the content of an office attachment rendered via the view file macro. This is a data leak due to mis-authorization in the macro rendering path. The issue has been patched in version...

6.8CVSS6.4AI score0.00281EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/11/19 5:41 p.m.6 views

CVE-2025-65089 XWiki view file macro: User can view content of office file without view rights on the attachment

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to version 1.27.0, a user with no view rights on a page may see the content of an office attachment displayed with the view file macro. This issue has been patched in version 1.27.0...

6.8CVSS6.7AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.5 views

Pro Macros 安全漏洞

Pro Macros is an XWiki enhancement plugin open-sourced by XWiki SAS. A security vulnerability exists in versions of Pro Macros prior to 1.27.0, which originates from the possibility that a user without view privileges may view the contents of office attachments via the view file macro...

6.8CVSS6.4AI score0.00281EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/18 7:2 p.m.9 views

XWiki view file macro: User can view content of office file without view rights on the attachment

Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...

6.8CVSS6.8AI score0.00281EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/11/18 7:2 p.m.8 views

GHSA-8C52-X9W7-VC95 XWiki view file macro: User can view content of office file without view rights on the attachment

Summary A user with no view rights on a page may see the content of an office attachment displayed with the view file macro. Details If on a public page is displayed an office attachment from a restricted page, a user with no view rights on the restricted page can view the attachment content, no...

6.8CVSS6.7AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/18 12:0 a.m.19 views

PT-2025-47417

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 1.27.0 Description A user lacking view permissions on a page may be able to access the content of an office attachment displayed using the view file macro. This occurs when an office attachment from a restricted page is...

6.8CVSS6.5AI score0.00281EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.5 views

CmsEasy 代码注入漏洞

CmsEasy is a content management system CMS for creating responsive websites from China's CmsEasy company. A code injection vulnerability exists in CmsEasy 7.7.7 and earlier versions, which stems from improper manipulation of the parameter PHPSELF in the file lib/inc/view.php in the component URL...

6.1CVSS4.7AI score0.00275EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-26651

Malicious code in bioql PyPI...

4.8CVSS4AI score0.00284EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28998

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00657EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/24 1:33 p.m.11 views

CVE-2025-10799

A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/modreservation/index.php?view=view. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References1
OSV
OSV
added 2025/09/22 4:15 a.m.5 views

CVE-2025-10780

A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

8.8CVSS5.7AI score0.00308EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/22 3:32 a.m.13 views

CVE-2025-10780 CodeAstro Simple Pharmacy Management view.php sql injection

A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

6.5CVSS0.00308EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/14 12:10 a.m.15 views

CVE-2025-10273

A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about th...

5.3CVSS6.5AI score0.00657EPSS
Exploits1References1
NVD
NVD
added 2025/09/12 12:16 a.m.9 views

CVE-2025-10273

A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about th...

5.3CVSS0.00657EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/05 10:26 p.m.12 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

4.8CVSS5.7AI score0.00284EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.5 views

Code-Projects Responsive Blog Site 代码注入漏洞

Code-Projects Responsive Blog Site is a Code-Projects open source responsive blog site. Code-Projects Responsive Blog Site version 1.0 suffers from a code injection vulnerability that stems from improper manipulation of the parameters productcode/genname/productname/supplier in the file...

4.8CVSS4.1AI score0.00284EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.28 views

PT-2025-35837

Name of the Vulnerable Software and Affected Versions: code-projects Responsive Blog Site version 1.0 Description: A weakness exists in code-projects Responsive Blog Site 1.0, affecting an unknown function within the blogs view.php file. Manipulation of the product code, gen name, product name, o...

4.8CVSS2.9AI score0.00284EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.8 views

CVE-2024-3530

A vulnerability was found in Campcodes Complete Online Student Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file Marksview.php. The manipulation of the argument FirstRecord leads to cross site scripting. The attack can be initiated...

6.1CVSS6.4AI score0.0067EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.4 views

CVE-2024-5381

A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...

8.8CVSS7.8AI score0.00622EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:27 a.m.5 views

CVE-2024-5236

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teachersalaryinvoice1.php. The manipulation of the argument date leads to sql injection. The attack can be...

6.5CVSS7.9AI score0.00391EPSS
Exploits1References1
Rows per page
Query Builder