GHSA-PG4M-3GP6-HW4W org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Impact It's possible to get access to the notification filters of any user by using a URL such as xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do...
GHSA-R95W-889Q-X2GX org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Impact Any user who knows the ID of another user's notification filter preference can enable, disable or even delete it. As a result the target user may stop receiving notifications for some pages. This vulnerability is present in XWiki since 13.2-rc-1...
GHSA-F963-4CQ8-2GW7 In XWiki Platform, payloads stored in content are executed when a user with script/programming right edits them
Impact A user without script/programming right can trick a user with elevated rights into editing content that carries a malicious payload using the WYSIWYG editor. The user with elevated rights is not warned beforehand that they are about to edit possibly dangerous content. The payload is executed at edit...
JupyterLab vulnerable to potential authentication and CSRF tokens leak
Impact Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. Patches JupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched. Workarounds No workaround has been identified, however users...
JupyterLab vulnerable to SXSS in Markdown Preview
Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
GHSA-2GRH-GR37-2283 Solr search discloses email addresses of users
Impact The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. Patches This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1...
GHSA-RWWX-6572-MP29 org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
Impact An attacker with edit access on any document (which can be the user profile, editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment whose name is known, regardles...
GHSA-R726-VMFQ-J9J3 Open Redirect Vulnerability in jupyter-server
Impact Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. Patches Upgrade to Jupyter Server 2.7.2 Workaround...
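The open redirect above comes down to one missing check: the post-login `next` target must resolve to a URL the server itself serves. The following is an added example of such a check, written for this page and not jupyter-server's own implementation; the base URL `http://localhost:8888/` and the function names are assumptions. It rejects the usual bypasses (absolute URLs, protocol-relative `//host`, backslash and triple-slash variants, non-http schemes, control characters) and, when the server runs under a base path, also refuses targets that escape that path.

```python
from urllib.parse import urlsplit, urljoin

# Assumed server base URL for the example; a real server takes it from config.
SERVER_BASE = "http://localhost:8888/"


def is_safe_redirect(next_url: str, server_base: str = SERVER_BASE) -> bool:
    """True only if next_url is a server-relative path under server_base.

    Illustrative check, not jupyter-server's code. The rule is allow-list style:
    anything that is not a plain absolute path on our own origin is refused.
    """
    if not next_url or not next_url.startswith("/"):
        return False
    # Control characters and whitespace can hide a scheme or host from the parser.
    if any(ord(c) < 0x21 for c in next_url):
        return False
    # Browsers treat "\" like "/", so "/\evil.example" becomes "//evil.example";
    # "//evil.example" and "///evil.example" are protocol-relative URLs.
    if next_url[1:2] in ("/", "\\") or "\\" in next_url:
        return False
    parts = urlsplit(next_url)
    # A scheme ("http:", "javascript:", "data:") or authority means an absolute URL.
    if parts.scheme or parts.netloc:
        return False
    # Resolve against the base (this also collapses "../" segments) and confirm the
    # result stays on our origin and under our base path.
    base = urlsplit(server_base)
    resolved = urlsplit(urljoin(server_base, next_url))
    return (resolved.scheme, resolved.netloc) == (base.scheme, base.netloc) and \
        resolved.path.startswith(base.path)


def safe_redirect_target(next_url: str, server_base: str = SERVER_BASE) -> str:
    """Return next_url if it passes the check, otherwise the server's own base path."""
    if is_safe_redirect(next_url, server_base):
        return next_url
    return urlsplit(server_base).path or "/"


if __name__ == "__main__":
    # Constructed candidates an attacker might place in a login link.
    for candidate in ["/tree", "//evil.example/", "///evil.example/", "/\\evil.example/",
                      "http://evil.example/", "javascript:alert(1)", "/jupyter/../tree"]:
        print(f"{candidate!r:28} -> {safe_redirect_target(candidate)!r}")
```

The check deliberately does not try to enumerate bad hosts or schemes; it accepts only one shape of input and refuses everything else, which is the property the advisory asks for ("restricted to Jupyter Server-served URLs").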
GHSA-64X5-55RW-9974 cross-site inclusion (XSSI) of files in jupyter-server
Impact Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". Patches Jupyter Server 2.7.2 Workarounds Use lower performance...
GHSA-FWWJ-WG89-7H4C XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email
Impact Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an alert in the browser:...
GHSA-4WC6-HQV9-QC97 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Impact A stored XSS can be exploited by users with edit rights by adding an AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload as the page title. Any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet then executes the payload. See...
GHSA-7VR7-CGHH-CH63 XWiki Platform may retrieve email addresses of all users
Impact The mail obfuscation configuration was not fully taken into account: while the mail displayed to the end user was obfuscated, the REST response still contained the unobfuscated mail, and users were able to filter and sort on the unobfuscated value, allowing the mail content to be inferred. The...
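The mail obfuscation advisory above makes a point that applies to any tabular endpoint: masking the displayed value is useless if the filter and sort still run on the raw column, because the filter becomes a prefix oracle and the sort order leaks ordering between masked values. The following is an added example written for this page (not XWiki's code) with a constructed user table; it shows a minimal live-table endpoint in the flawed form and in a hardened form, plus the inference the flawed form allows. Function names, the mask format and the sample rows are all assumptions.

```python
# Constructed sample rows for the example; not real users.
USERS = [
    {"name": "Alice", "email": "alice@example.org"},
    {"name": "Bob",   "email": "bob@example.org"},
    {"name": "Bert",  "email": "bert@example.org"},
    {"name": "Carol", "email": "carol@example.net"},
]

# Alphabet the inference loop tries; "@" is appended as the end marker of the local part.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789.-_"


def obfuscate(email: str) -> str:
    """Assumed mask format: keep the first character of the local part, e.g. a...@example.org."""
    local, _, domain = email.partition("@")
    return local[:1] + "...@" + domain


def livetable_vulnerable(rows, email_filter="", sort_by_email=False):
    """Flawed form: the display value is masked, but the prefix filter and the sort
    run on the raw column, and the raw value is still serialized in the response."""
    hit = [r for r in rows if r["email"].lower().startswith(email_filter.lower())]
    if sort_by_email:
        hit = sorted(hit, key=lambda r: r["email"])
    return [{"name": r["name"], "email": r["email"],
             "email_display": obfuscate(r["email"])} for r in hit]


def livetable_fixed(rows, email_filter="", sort_by_email=False):
    """Hardened form: obfuscate first, then filter and sort only on the value the
    caller is allowed to see, and never serialize the raw column."""
    masked = [{"name": r["name"], "email_display": obfuscate(r["email"])} for r in rows]
    hit = [r for r in masked if r["email_display"].lower().startswith(email_filter.lower())]
    if sort_by_email:
        hit = sorted(hit, key=lambda r: r["email_display"])
    return hit


def recover_local_part(endpoint, target_name, rows=USERS, max_len=64):
    """Use the email filter as a prefix oracle: extend the guess one character at a
    time while the target row still appears in the filtered result. Against the
    flawed endpoint this returns the real local part; against the fixed one it can
    only reproduce the mask, which is what the caller could already see."""
    prefix = ""
    for _ in range(max_len):
        for ch in ALPHABET + "@":
            candidate = prefix + ch
            if any(r["name"] == target_name
                   for r in endpoint(rows, email_filter=candidate)):
                prefix = candidate
                break
        else:
            break  # no extension matches: nothing more to learn
        if prefix.endswith("@"):
            return prefix[:-1]
    return prefix


if __name__ == "__main__":
    for name in ("Alice", "Bert"):
        print(name, "via flawed endpoint:", recover_local_part(livetable_vulnerable, name))
        print(name, "via fixed endpoint: ", recover_local_part(livetable_fixed, name))
    # Sorting on the raw column orders Bert before Bob even though both display as b...@
    print([r["name"] for r in livetable_vulnerable(USERS, sort_by_email=True)])
    print([r["name"] for r in livetable_fixed(USERS, sort_by_email=True)])
```

Two things to check when reviewing an endpoint like this: whether any serialized field carries the raw value (here `email` in the flawed response), and whether filtering or sorting is applied before the masking step rather than after it.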
GHSA-J9H5-VCGV-2JFM XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Impact It's possible to execute JavaScript with the rights of any user by leading them to a special URL on the wiki targeting a page which contains an attachment. To reproduce: add an attachment to a page, for example your user profile; add...