2 matches found
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
Impact When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...
CVE-2022-29903
The Private Domains extension for MediaWiki through 1.37.2 before 1ad65d4c1c199b375ea80988d99ab51ae068f766 allows CSRF for editing pages that store the extension's configuration. The attacker must trigger a POST request to Special:PrivateDomains...