8 matches found
EUVD-2023-2625
Malicious code in bioql PyPI...
XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
GHSA-35J5-M29R-XFQ5 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Impact The footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution,...
Remote code execution
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
CVE-2023-37912
Summary: CVE-2023-37912 affects XWiki Rendering’s footnote macro. Prior to versions 14.10.6 (footnotes macros) and 15.1-rc-1 (footnotes macro), the footnote macro could execute content in a different context, enabling privilege escalation from a user to programming rights and potentially remote c...
CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...
XWiki Rendering Security Vulnerability
XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax wiki syntax, HTML, etc. to another syntax XHTML, etc.. A security vulnerability exists in XWiki Rendering that stems from a footnote macro executing its contents in possibl...