10 matches found
EUVD-2023-1122
Malicious code in bioql PyPI...
CVE-2023-26472
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
GHSA-VWR6-QP4Q-2WJ7 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Impact: One can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with the following content: {{async async="true"}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}} Can be done by creating a new page or even through the user profile for users not having edit...
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Impact: One can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with the following content: {{async async="true"}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}} Can be done by creating a new page or even through the user profile for users not having edit...
CVE-2023-26472
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
Code injection
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
CVE-2023-26472
XWiki Platform (v6.2-milestone-1 and earlier) is vulnerable to privilege escalation via IconThemeSheet by creating a crafted icon theme, enabling execution of wiki content with IconThemeSheet author rights. The issue allows exploitation via new pages or user profiles by users without edit rights....
CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...
CVE-2023-26472 XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having ed...