XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability

Impact It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request URL parameter using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a...

XWiki 5.3 < 13.10.6, 14.0 < 14.4 Code Injection Vulnerability (GHSA-xr6m-2p4m-jvqf)

Xwiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

EUVD-2022-6981

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

XWiki Platform 代码注入漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform versions prior to 13.10.6 and 14.4, which stems from the fact that if a user has a view, it is possible to use the...

PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki

Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5 XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3 Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...