Lucene search

28 matches found

OSV
added 2026/05/26 7:33 p.m. · 8 views

GHSA-VGWR-23FQ-PR7G XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allows an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

CVSS 5.9 · AI score 5.9 · EPSS 0.00056
Exploits 0 · References 4
Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-3149 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

CVSS 7.5 · AI score 7.5 · EPSS 0.00352
Exploits 0 · References 9
NCSC
added 2024/12/13 10:4 a.m. · 10 views

Vulnerabilities fixed in XWiki Platform

XWiki has fixed vulnerabilities in the XWiki Platform Specifically for versions 15.10.9 and 16.3.0. The vulnerabilities are in the way the XWiki Platform handles user permissions. A malicious user with programming privileges can execute code through the Extension Repository Application, or by...

CVSS 9.9 · AI score 7.6 · EPSS 0.01558
Exploits 4 · References 3
OSV
added 2024/12/12 7:23 p.m. · 17 views

GHSA-J2PQ-22JJ-4PM5 XWiki allows remote code execution through the extension sheet

Impact On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type...

CVSS 9.9 · AI score 9.6 · EPSS 0.00749
Exploits 1 · References 5
Github Security Blog
added 2024/12/12 7:23 p.m. · 21 views

XWiki allows remote code execution through the extension sheet

Impact On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type...

CVSS 9.9 · AI score 7 · EPSS 0.00749
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/12/12 6:15 p.m. · 16 views

CVE-2024-55662

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...

CVSS 9.9 · EPSS 0.00749
Exploits 1 · References 3
Cvelist
added 2024/12/12 5:25 p.m. · 25 views

CVE-2024-55662 XWiki allows remote code execution through the extension sheet

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...

CVSS 9.9 · EPSS 0.00749
Exploits 1 · References 3
CVE
added 2024/12/12 5:25 p.m. · 70 views

CVE-2024-55662

CVE-2024-55662 affects XWiki Platform (3.3-milestone-1 to versions before 15.10.9 and 16.3.0) when the Extension Repository Application is installed. The root cause is that a user with access to the server can execute code requiring programming rights via the Extension Repository Application, ena...

CVSS 9.9 · AI score 9.5 · EPSS 0.00749
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/12/12 5:25 p.m. · 11 views

CVE-2024-55662 XWiki allows remote code execution through the extension sheet

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...

CVSS 9.9 · AI score 7.1 · EPSS 0.00749
Exploits 1 · References 3
OSV
added 2024/12/12 5:25 p.m. · 14 views

CVE-2024-55662 XWiki allows remote code execution through the extension sheet

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...

CVSS 9.9 · AI score 6.9 · EPSS 0.00749
Exploits 1 · References 5
CNNVD
added 2024/12/12 12:0 a.m. · 5 views

XWiki Platform Security Vulnerability

XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 3.3-milestone-1 through 16.3.0, which stems from the fact that on an instance with the Extension Repository Application installed...

CVSS 9.9 · AI score 6.9 · EPSS 0.00749
Exploits 1 · References 3
Positive Technologies
added 2024/12/12 12:0 a.m. · 8 views

PT-2024-36576 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 3.3-milestone-1 through 15.10.8 XWiki Platform versions 3.3-milestone-1 through 16.2.x Description: XWiki Platform is a generic wiki platform. On instances where Extension Repository Application is installed, any user...

CVSS 9.9 · AI score 7.1 · EPSS 0.00749
Exploits 1 · References 13
Github Security Blog
added 2020/07/31 5:39 p.m. · 39 views

Cross-site Scripting vulnerability in Kitodo.Presentation

Impact Kitodo.Presentation fails to properly encode URL parameters for output in HTML making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...

CVSS 6.1 · AI score 6 · EPSS 0.00869
Exploits 0 · References 6 · Affected Software 1
OSV
added 2020/07/31 5:39 p.m. · 23 views

GHSA-FPQV-X9HM-35J9 Cross-site Scripting vulnerability in Kitodo.Presentation

Impact Kitodo.Presentation fails to properly encode URL parameters for output in HTML making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...

CVSS 6.1 · AI score 6 · EPSS 0.00869
Exploits 0 · References 6
Typo3
added 2015/06/15 12:0 a.m. · 7 views

Cross-Site Scripting in extension BE User Log (beko_beuserlog)

It has been discovered that the extension "BE User Log" (beko_beuserlog) is susceptible to Cross-Site Scripting. Release Date: June 15, 2015 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 1.1.1 and below Vulnerability...

AI score 6.6
Exploits 0 · Affected Software 1
Typo3
added 2015/01/09 12:0 a.m. · 100 views

Multiple vulnerabilities in Content Rating (content_rating)

It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection. Release Date: January 9, 2015 Bulletin Update: February 23, 2015 added CVEs Component Type: Third party extension. This extension is not a part of the TYPO3 default...

CVSS 7.5 · AI score 6.2 · EPSS 0.01288
Exploits 0 · Affected Software 1
Typo3
added 2014/02/12 12:0 a.m. · 137 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: alphasitemap, femanager kestats, outstats, pxphpids, smarty, wecmap Release Date: February 12, 2014 Bulletin update: September 18, 2014 added CVEs Please read first: This Collective Security Bulletin CSB is a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01688
Exploits 0 · Affected Software 6
Typo3
added 2010/09/02 12:0 a.m. · 43 views

Multiple vulnerabilities in third-party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Commenting system Backend Module commentsbe, Tiny Market hmtinymarket, Yet Another Calendar keyac, The official twitter tweet button for your page tweetbutton, XING Button xing Release Date: September 2, 2010...

AI score 7.5
Exploits 0 · Affected Software 5
Typo3
added 2010/03/16 12:0 a.m. · 8 views

Multiple vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions: Brainstorming brainstorming, Power Extension Manager chlightem, Sellector.com Widget Integration chsellector, Educator educator, MK Wastebasket mkwastebasket, myDashboard mydashboard, CleanDB nfcleandb, Diocese...

AI score 8.1
Exploits 0 · Affected Software 21
Packet Storm
added 2010/02/15 12:0 a.m. · 29 views

PEAR 1.9.0 Remote File Inclusion

PEAR v.1.9.0 Multiple Remote File Inclusion Vulnerability PEAR, the PHP Extension and Application Repository @package PEAR @Version v.1.9.0 @license http://opensource.org/licenses/bsd-license.php New BSD License @link http://pear.php.net/package/PEAR Type : Remote File Inclusion Vulnerability...

AI score 0.2
Exploits 0