15 matches found
GHSA-QRVH-R3F2-9H4R XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
Impact POST /wikis/wikiName executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to create or update documents in the target wiki Patches This vulnerability has been patched in XWiki 16.10.17, 17.4.9, 17.10.3, 18.0.1 and...
Exploit for CVE-2026-33137
CVE-2026-33137 XWiki Platform - Unauthenticated XAR Import...
CVE-2026-33137
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...
CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...
CVE-2026-33137
CVE-2026-33137 — XWiki Platform : The issue affects XWiki Platform where, in versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/{wikiName} API performs a XAR import without authentication or authorization checks, allowing an unauthenticated attacker to create or update ...
CVE-2026-33137
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...
CVE-2026-33137 XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without...
EUVD-2026-31157
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17, the POST /wikis/wikiName API executes a XAR import without performing any...
CVE-2023-27480
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...
Spoofing
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...
CVE-2023-27480 Data leak through a XAR import XXE attack in xwiki-platform-xar-model
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...
CVE-2023-27480
CVE-2023-27480 affects XWiki Platform via an XXE/XAR-import vulnerability in the xwiki-platform-xar-model. A user with document edit rights can import a forged XAR file (XAR package) and cause server-side disclosure of file contents (e.g., arbitrary files) due to an XML external entity processing...
CVE-2023-27480 Data leak through a XAR import XXE attack in xwiki-platform-xar-model
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host...
PT-2023-21156 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.7 XWiki Platform versions prior to 14.10-rc-1 Description: The XWiki Platform is a generic wiki platform offering runtime services for applications built on top o...
Vulnerabilities fixed in XWiki
Vulnerabilities have been fixed in XWiki. A malicious person can by importing a prepared XAR file can exploit the exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...