Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.9 views

CVE-2023-29211

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...

9.9CVSS7.8AI score0.01193EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/04/26 12:0 a.m.14 views

XWiki 5.3-milestone-2 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Code Injection Vulnerability (GHSA-w7v9-fc49-4qg4)

Xwiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

9.9CVSS8.7AI score0.01193EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/04/16 6:34 a.m.8 views

CVE-2023-29211 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights WikiManager.DeleteWiki can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the wiki...

9.9CVSS9.6AI score0.01193EPSS
Exploits1References3
CVE
CVE
added 2023/04/16 6:34 a.m.70 views

CVE-2023-29211

CVE-2023-29211 affects XWiki Commons. The vulnerability allows any user with view rights WikiManager.DeleteWiki to execute arbitrary Groovy, Python, or Velocity code, granting full access to the XWiki installation. Root cause is improper escaping of the wikiId URL parameter. Patches are available...

9.9CVSS9.4AI score0.01193EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder