35 matches found

OSV
added 2026/05/22 3:57 a.m., 3 views

MAL-2026-4474 Malicious code in acc-document-editing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c82ee7b879d66ba2fb79ec7ad7fee47623c2c3b68c8a925510b1f42cd1e3456 The DocumentEditor React component exported by this package, when an end-user opens a .doc file, POSTs the raw file bytes to...

5.8 AI score
Exploits: 0, References: 6

NVD
added 2026/01/15 5:16 p.m., 5 views

CVE-2026-22867

LaSuite Doc is a collaborative note-taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a user creates a link to another document within the editor, the URL of that link is not validated. An attacke...

8.7 CVSS, 0.00058 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 9:30 a.m., 4 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

6.1 CVSS, 6.9 AI score, 0.0012 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-19511

Malware in sbrugna...

6.1 CVSS, 6 AI score, 0.00168 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-21986

Malware in sbrugna...

4.3 CVSS, 4.9 AI score, 0.00104 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3456

Malicious code in bioql PyPI...

4.3 CVSS, 4.9 AI score, 0.00295 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-1787

Malicious code in bioql PyPI...

9 CVSS, 5.6 AI score, 0.01292 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-32647

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.0012 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-41426

Malicious code in bioql PyPI...

8.4 CVSS, 6.6 AI score, 0.00186 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2021-30380

Malicious code in bioql PyPI...

7.5 CVSS, 7.6 AI score, 0.00195 EPSS
Exploits: 1, References: 4

Veracode
added 2025/07/16 6:53 a.m., 2 views

Cross-site Scripting (XSS)

org.xwiki.rendering:xwiki-rendering-syntax-xhtml is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the XHTML syntax relying on the xdom+xml/current syntax, which allows insertion of arbitrary HTML including JavaScript, enabling XSS for users with document editing rights...

9 CVSS, 5.4 AI score, 0.03849 EPSS
Exploits: 0, References: 5, Affected Software: 1

GitHub Security Blog
added 2025/06/13 8:41 p.m., 9 views

XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right

Impact: When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as whi...

5.1 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/05/23 2:6 a.m., 6 views

CVE-2023-34464

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of...

9 CVSS, 6 AI score, 0.01292 EPSS
Exploits: 1, References: 1

OSV
added 2025/04/30 2:55 p.m., 5 views

CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9 CVSS, 6.6 AI score, 0.02241 EPSS
Exploits: 1, References: 5

GitHub Security Blog
added 2025/04/29 2:3 p.m., 14 views

org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

Impact: When a user with programming right edits a document in XWiki that was last edited by a user without programming right and contains an XWiki.ComponentClass, there is no warning that this will grant programming right to this object. An attacker who created such a malicious object could use...

9 CVSS, 6.8 AI score, 0.02241 EPSS
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2024/04/10 7:44 p.m., 100 views

CVE-2024-31983

CVE-2024-31983 (XWiki Platform): In multilingual wikis, translations can be edited by any user with edit rights, bypassing usual authoring permissions. This can lead to remote code execution if the translation value is not properly escaped where it is used. Affected versions include 4.3-mileston...

9.9 CVSS, 7.5 AI score, 0.23303 EPSS
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2023/11/02 2:15 p.m., 1 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added 2023/11/02 2:15 p.m., 26 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

6.1 CVSS, 6.2 AI score, 0.0012 EPSS
Exploits: 0, References: 2

Prion
added 2023/11/02 2:15 p.m., 17 views

Code injection

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

5.8 CVSS, 6.2 AI score, 0.0012 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/11/02 1:1 p.m., 16 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

6.1 CVSS, 6.5 AI score, 0.0012 EPSS
Exploits: 0, References: 2