2 matches found
XWiki 6.3-milestone-2 < 13.10.5, 14.0 (14.0-rc-1) < 14.3 SQLi Vulnerability (GHSA-wh34-m772-5398)
Xwiki is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescriptio...
CVE-2024-55663
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...