8 matches found
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax...
EUVD-2023-2744
Malicious code in bioql PyPI...
A vulnerability in the com.xwiki.identity-oauth:identity-oauth-ui package of the XWiki Platform allows a perpetrator to carry out XSS attacks.
The vulnerability in the com.xwiki.identity-oauth:identity-oauth-ui package of the XWiki Platform stems from a lack of measures to protect the structure of web pages. Exploiting this vulnerability could allow an attacker to perform cross-site scripting (XSS) attacks remotely...
CVE-2023-45144
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax...
Cross site scripting
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax...
CVE-2023-45144 Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App
com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross-site scripting (XSS) and XWiki syntax...
PT-2023-8621 · Xwiki · Identity-Oauth-Ui
Name of the Vulnerable Software and Affected Versions: com.xwiki.identity-oauth:identity-oauth-ui versions prior to 1.6. Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. When a user logs ...