13 matches found
CVE-2022-36096
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments...
CVE-2023-3590
Mattermost: CVE-2023-3590 affects the Boards feature where deleted card attachments are not removed, leaving deleted attachments accessible. The vulnerability concerns Mattermost software (Boards) and is described with CVSS details indicating Confidentiality impact. No explicit remediation/versio...
CVE-2023-3590 Deleted attachments in Boards remain accessible
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from an inability to delete card attachments in Board, allowing an attacker to access deleted attachments...
USN-6073-6 cinder regression
USN-6073-1 fixed a vulnerability in Cinder. Unfortunately the update introduced a regression with detaching volumes. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: Jan Wasilewski and Gorka Eguileor discovered that...
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
Impact It's possible to store a JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing javascript in its name. For example, attachment a file with name .jpg will execute the alert. Patches This issue has been patched in XWiki 13.10.6 and...
GHSA-GJMQ-X5X7-WC36 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
Impact It's possible to store a JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing javascript in its name. For example, attachment a file with name .jpg will execute the alert. Patches This issue has been patched in XWiki 13.10.6 and...
CVE-2022-36096
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
CVE-2022-36096 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
CVE-2022-36096 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
CVE-2022-36096 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the French company XWiki. A security vulnerability exists in the XWiki Platform Index UI prior to version 13.10.6 and prior to version 14.3, which stems from the ability to store JavaScript that can be...