17 matches found
CVE-2023-29205
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection
Impact Any user who can edit their own user profile or any other document can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The reason is that rendering output is included as...
EUVD-2023-1400
Malicious code in bioql PyPI...
XWiki < 14.8 XSS Vulnerability (GHSA-vxf7-mx22-jr24)
XWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-29205
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
Design/Logic Flaw
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
CVE-2023-29205
CVE-2023-29205 affects XWiki Commons: the HTML macro fails to properly neutralize script-related HTML tags, enabling stored cross-site scripting (XSS) when users render HTML via the macro, including on their profile pages. Affected component is XWiki Commons HTML macro handling within XWiki proje...
CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Impact The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html...
GHSA-VXF7-MX22-JR24 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Impact The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html...
PT-2023-22202 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.8RC1 Description: The HTML macro in XWiki does not properly neutralize script-related HTML tags, allowing any user who can use the HTML macro to introduce an XSS attack. This is particularly dangerous in a standard...
JavaScript Code with variable containing underscore does not work
h3. Issue Summary JavaScript Code with a variable containing an underscore does not work in Page Template HTML macro 3rd Party Plugin Script Runner h3. Steps to Reproduce Sample code block: code:java $test $test1 $"inputname='variableValues.test'".changefunction console.log$this.val;...
Include XSS security warning on HTML macro description in Wiki Markup Renderer
Include XSS security warning on HTML macro description in Wiki Markup Renderer. Derived from JRA-19802...
Include XSS security warning on HTML macro description in Wiki Markup Renderer
Include XSS security warning on HTML macro description in Wiki Markup Renderer. Derived from JRA-19802...
Include XSS security warning on HTML macro description in Wiki Markup Renderer
Include XSS security warning on HTML macro description in Wiki Markup Renderer. Derived from JRA-19802...