4 matches found
XWiki 1.2-milestone-2 < 15.10.9, 16.0.0-rc-1 < 16.3.0 Incorrect Authorization Vulnerability (GHSA-cwq6-mjmx-47p6)
Xwiki is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2024-55876
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...
CVE-2024-55876
creationtimestamp| type| source ---|---|--- 2024-12-12 19:03:46+00:00| seen| https://infosec.exchange/users/cve/statuses/113641404902137205 2024-12-12 21:21:55+00:00| seen| https://t.me/cvedetector/12803...
CVE-2024-55876
CVE-2024-55876 affects XWiki Platform. Versions 1.2-milestone-2 through 16.3.0 are vulnerable: any account on the master wiki could execute scheduling operations on subwikis by interacting with Scheduler.WebHome and triggering a job, indicating an insufficient authorization boundary between main ...