Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:14 a.m.6 views

CVE-2023-29509

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS7.5AI score0.76297EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/04/26 12:0 a.m.15 views

XWiki 7.2-rc-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Code Injection Vulnerability (GHSA-f4v8-58f6-mwj4)

Xwiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...

9.9CVSS8.7AI score0.76297EPSS
Exploits1References1
NVD
NVD
added 2023/04/16 8:15 a.m.30 views

CVE-2023-29509

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS9.7AI score0.76297EPSS
Exploits1References3
CVE
CVE
added 2023/04/16 7:4 a.m.60 views

CVE-2023-29509

CVE-2023-29509 affects XWiki Commons, enabling arbitrary Groovy/Python/Velocity code execution when a user with view rights accesses certain documents. Root cause is improper escaping of the documentTree macro parameters in FlamingoThemesCode.WebHome, a page installed by default. The issue is eff...

9.9CVSS9.4AI score0.76297EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/04/16 7:4 a.m.37 views

CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS9.8AI score0.76297EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/04/16 7:4 a.m.7 views

CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS7.4AI score0.76297EPSS
Exploits1References3
OSV
OSV
added 2023/04/16 7:4 a.m.24 views

CVE-2023-29509 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping o...

9.9CVSS8.6AI score0.76297EPSS
Exploits1References5
Rows per page
Query Builder