Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:33 p.m.6 views

CVE-2021-32621

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been...

8.8CVSS7AI score0.02102EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/05/28 9:5 p.m.33 views

CVE-2021-32621 Script injection without script or programming rights through Gadget titles

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been...

8.8CVSS9AI score0.02102EPSS
Exploits1References4
Veracode
Veracode
added 2021/05/26 1:22 p.m.5 views

Privilege Escalation

xwiki-commons-core is vulnerable to privilege escalation. An attacker may exploit the vulnerability by editing the gadget titles in the dashboard...

8.8CVSS6.6AI score0.02102EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/05/18 6:36 p.m.35 views

GHSA-H353-HC43-95VC Script injection without script or programming rights through Gadget titles

Impact A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. Patches The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. Workarounds There's no easy workaround for this issue, it is recommended to upgrade...

8.8CVSS8.8AI score0.02102EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/05/18 12:0 a.m.8 views

PT-2021-19813 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 12.6.7 XWiki Platform versions prior to 12.10.3 Description: A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. Recommendations...

8.8CVSS8.7AI score0.02102EPSS
Exploits1References10
Rows per page
Query Builder