Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.8 views

CVE-2022-24898

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External...

4.9CVSS7AI score0.01408EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/04/28 7:35 p.m.37 views

CVE-2022-24898 Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External...

4.9CVSS5.6AI score0.01408EPSS
Exploits1References3
OSV
OSV
added 2022/04/28 7:35 p.m.38 views

CVE-2022-24898 Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External...

4.9CVSS5.2AI score0.01408EPSS
Exploits1References5
CVE
CVE
added 2022/04/28 7:35 p.m.120 views

CVE-2022-24898

CVE-2022-24898 affects org.xwiki.commons:xwiki-commons-xml, a common module used by XWiki projects. The issue is XML External Entity Injection via the XML script service, allowing a script to access files on the user running the XWiki server. Affected: 2.7 up to but not including patched versions...

4.9CVSS5.1AI score0.01408EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder