34 matches found
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the requestEmailChange mutation. An attacker can determine whether specific email addresses are registered by analyzing the differences in error messages returned by the system. Remediation: A fix was pushed into...
CVE-2023-49280
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
EUVD-2020-27406
Malware in sbrugna...
EUVD-2023-3072
Malicious code in bioql PyPI...
CVE-2023-45138
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...
GHSA-2FR7-CC7P-P45Q Data leak of password hash through change requests
Impact: Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain the password hashes of users by editing user profiles and then downloading the XML that has been created. This is...
Data leak of password hash through change requests
Impact: Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain the password hashes of users by editing user profiles and then downloading the XML that has been created. This is...
CVE-2023-49280
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
Design/Logic Flaw
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
CVE-2023-49280 Data leak of password hash through xwiki change request
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
CVE-2023-49280 Data leak of password hash through xwiki change request
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
CVE-2023-49280
The CVE-2023-49280 issue affects the XWiki Change Request extension. By default, Change Request can let a user edit any page and export changes as an XML file, which can leak password hashes when a user profile (or other password-containing document) is edited and the resulting XML is downloaded....
CVE-2023-49280 Data leak of password hash through xwiki change request
XWiki Change Request is an XWiki application that allows requesting changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. So it's possible for an attacker to obtain...
XWiki Contrib Change Request Security Vulnerability
Change Request is an open source library for XWiki Contrib. XWiki Contrib Change Request has a security vulnerability that stems from allowing changes to be requested on the wiki without having to publish the changes directly...
XWiki Change Request Application UI XSS and remote code execution through change request title
Impact: It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by a user without any...
GHSA-F776-W9V2-7VFJ XWiki Change Request Application UI XSS and remote code execution through change request title
Impact: It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by a user without any...
CVE-2023-45138
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...
Design/Logic Flaw
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...
CVE-2023-45138 Change Request Application vulnerable to XSS and remote code execution through change request title
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...
CVE-2023-45138 Change Request Application vulnerable to XSS and remote code execution through change request title
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an...