10 matches found

NVD
added 2023/12/21 8:15 p.m., 22 views

CVE-2023-50732

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

CVSS 8.3, EPSS 0.00486
Exploits 1, References 3
Prion
added 2023/12/21 8:15 p.m., 21 views

Code injection

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

CVSS 6.5, AI score 7.3, EPSS 0.00486
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/12/21 7:42 p.m., 28 views

CVE-2023-50732 Velocity execution without script right through tree macro

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1...

CVSS 8.3, AI score 8.6, EPSS 0.00486
Exploits 1, References 3
CNNVD
added 2023/12/21 12:0 a.m., 5 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating collaborative Web applications. A security vulnerability exists in XWiki Platform that stems from the ability to execute unscripted Velocity scripts directly through the document tree...

CVSS 8.3, AI score 7, EPSS 0.00486
Exploits 1, References 4
Github Security Blog
added 2023/12/19 9:39 p.m., 18 views

Velocity execution without script right through tree macro

Impact It's possible to execute a Velocity script without script right through the document tree. To reproduce: As a user without script right, create a document, e.g., named Nasty Title Set the document's title to $request.requestURI Click "Save & View" Reload the page in the browser The...

CVSS 8.3, AI score 7.3, EPSS 0.00486
Exploits 1, References 5, Affected Software 1
OSV
added 2023/12/19 9:39 p.m., 18 views

GHSA-P5F8-QF24-24CJ Velocity execution without script right through tree macro

Impact It's possible to execute a Velocity script without script right through the document tree. To reproduce: As a user without script right, create a document, e.g., named Nasty Title Set the document's title to $request.requestURI Click "Save & View" Reload the page in the browser The...

CVSS 8.3, AI score 7.2, EPSS 0.00486
Exploits 1, References 5
Positive Technologies
added 2023/12/19 12:0 a.m., 5 views

PT-2023-31630 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.7 XWiki Platform versions prior to 15.2RC1 Description: The issue allows execution of a Velocity script without script right through the document tree. This can be exploited by a user without script righ...

CVSS 8.3, AI score 6.4, EPSS 0.00486
Exploits 1, References 10
exploitpack
added 2019/10/28 12:0 a.m., 27 views

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL...

AI score 6.5
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 25 views

Gordano NTMail 4.2 Web File Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/279/info A vulnerability in Gordano's NTMail allows remote malicious users to steal local files. Gordano's NTMail is a Windows NT mail server program. One of its features is allowing administrators to configure the server...

AI score 7.1
Exploits 0
exploitpack
added 1999/05/25 12:0 a.m., 27 views

Computalynx CMail 2.3 - Web File Access

Computalynx CMail 2.3 - Web File Access / source: https://www.securityfocus.com/bid/281/info A vulnerability in Computalynx's CMail allows remote malicious users to steal local files. Compulynx's CMail is a Win32 mail server program. One of its features is allowing users to access their email wit...

AI score 0.6
Exploits 0