3 matches found
CVE-2023-32069
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are n...
GHSA-36FM-J33W-C25F Privilege escalation (PR)/RCE from account through class sheet
Impact It's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. Steps to Reproduce: 1. Edit your user profile with the object editor and add an object of type DocumentSheetBinding with value Default Class Sheet 1. Edit your user profile with the...
CVE-2022-36099
CVE-2022-36099 affects XWiki Platform Wiki UI Main Wiki. Affected: XWiki Platform versions 5.3-milestone-2 up to but not including 13.10.6 and 14.4. Root cause: via the request URL parameter, an attacker can inject arbitrary wiki syntax using the XWikiServerClassSheet when the attacker has view a...