28 matches found
GHSA-VGWR-23FQ-PR7G XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin
Impact: A potential path traversal vulnerability allows an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe, like overriding configuration files and setting the superadmin password, the attack first requir...
PT-2025-3149 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS; TYPO3 versions prior to 12.4.25 LTS; TYPO3 versions prior to 13.4.3 LTS. Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...
Vulnerabilities fixed in XWiki Platform
XWiki has fixed vulnerabilities in the XWiki Platform, specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...
GHSA-J2PQ-22JJ-4PM5 XWiki allows remote code execution through the extension sheet
Impact: On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script or programming rights, go to your profile and add an object of type...
XWiki allows remote code execution through the extension sheet
Impact: On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script or programming rights, go to your profile and add an object of type...
CVE-2024-55662
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...
CVE-2024-55662 XWiki allows remote code execution through the extension sheet
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...
CVE-2024-55662
CVE-2024-55662 affects XWiki Platform (3.3-milestone-1 to versions before 15.10.9 and 16.3.0) when the Extension Repository Application is installed. The root cause is that a user with access to the server can execute code requiring programming rights via the Extension Repository Application, ena...
XWiki Platform security vulnerability
XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 3.3-milestone-1 through 16.3.0, which stems from the fact that on an instance with the Extension Repository Application installed...
PT-2024-36576 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.3-milestone-1 through 15.10.8; XWiki Platform versions 3.3-milestone-1 through 16.2.x. Description: XWiki Platform is a generic wiki platform. On instances where Extension Repository Application is installed, any user...
Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...
GHSA-FPQV-X9HM-35J9 Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...
Cross-Site Scripting in extension BE User Log (beko_beuserlog)
It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting. Release Date: June 15, 2015. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.1.1 and below. Vulnerability...
Multiple vulnerabilities in Content Rating (content_rating)
It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015. Bulletin Update: February 23, 2015 (added CVEs). Component Type: Third party extension. This extension is not a part of the TYPO3 default...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: alphasitemap, femanager, kestats, outstats, pxphpids, smarty, wecmap. Release Date: February 12, 2014. Bulletin update: September 18, 2014 (added CVEs). Please read first: This Collective Security Bulletin (CSB) is a...
Multiple vulnerabilities in third-party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Commenting system Backend Module commentsbe, Tiny Market hmtinymarket, Yet Another Calendar keyac, The official twitter tweet button for your page tweetbutton, XING Button xing Release Date: September 2, 2010...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Brainstorming brainstorming, Power Extension Manager chlightem, Sellector.com Widget Integration chsellector, Educator educator, MK Wastebasket mkwastebasket, myDashboard mydashboard, CleanDB nfcleandb, Diocese...
PEAR 1.9.0 Remote File Inclusion
PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability PEAR, the PHP Extension and Application Repository @package PEAR @Version v.1.9.0 @license http://opensource.org/licenses/bsd-license.php New BSD License @link http://pear.php.net/package/PEAR Type : Remote File Inclusion Vulnerability...