Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:39 p.m.11 views

CVE-2022-41937

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

9.6CVSS6.5AI score0.00732EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/22 12:0 a.m.6 views

CVE-2022-41937 Missing Authorization in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

9.6CVSS9.1AI score0.00732EPSS
Exploits0References3
NCSC
NCSC
added 2022/11/22 12:0 a.m.5 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. A malicious person can by importing a prepared XAR file can exploit the exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...

9.6CVSS6.7AI score0.00732EPSS
Exploits0
CVE
CVE
added 2022/11/22 12:0 a.m.72 views

CVE-2022-41937

XWiki Platform suffered a Missing Authorization vulnerability where any user with view access could modify pages by importing a crafted XAR package. The issue stems from improper privilege management and was fixed in XWiki 14.6RC1, 14.6, and 13.10.8. A workaround is to restrict the Filter.WebHome...

9.6CVSS8.2AI score0.00732EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder