CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

NVD•added 2023/06/23 6:15 p.m.•13 views

CVE-2023-35153

XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload ...

9CVSS8.6AI score0.02352EPSS

Exploits1References3

Prion•added 2023/06/23 6:15 p.m.•12 views

Cross site scripting

4.9CVSS5.1AI score0.02352EPSS

Exploits1References3Affected Software1

Cvelist•added 2023/06/23 5:19 p.m.•12 views

CVE-2023-35153 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

9CVSS8.7AI score0.02352EPSS

Exploits1References3

Vulnrichment•added 2023/06/23 5:19 p.m.•12 views

CVE-2023-35153 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

9CVSS5.9AI score0.02352EPSS

Exploits1References3

OSV•added 2023/06/20 4:47 p.m.•15 views

GHSA-4WC6-HQV9-QC97 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

Impact A stored XSS can be exploited by users with edit rights by adding a AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title. Then, any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload. See...

9CVSS7AI score0.02352EPSS

Exploits1References5

Github Security Blog•added 2023/06/20 4:47 p.m.•23 views

XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

9CVSS6.1AI score0.02352EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by