5087 matches found
CVE-2023-30177
CraftCMS 3.7.59 is vulnerable Cross Site Scripting XSS. An attacker can inject javascript code into Volume Name...
Pixel&tonic Craft CMS 跨站脚本漏洞
Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic USA. A security vulnerability exists in Pixel & tonic Craft CMS version 3.7.59. An attacker exploited the vulnerability to inject javascript code into Volume Name...
XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Impact Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...
GHSA-44H9-XXVX-PG6X XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Impact Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because th...
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
CVE-2023-29528
CVE-2023-29528 concerns XWiki Commons: the historic “restricted” HTML cleaning mode could be bypassed via invalid HTML comments, enabling cross-site scripting and potentially server-side code execution with programming rights when a privileged user views a crafted comment. Root cause is the HTML ...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to improper sanitization in the updatecategory parameter, which allows an attacker to inject and execute malicious JavaScript...
CVE-2023-29515
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-29515
CVE-2023-29515 affects XWiki Platform. The flaw allows a user who can create a space to become the space admin via the App Within Minutes (AWM) feature, granting the script right and enabling JavaScript injection. Exploitation involves creating an AWM app; alternatively, the app can be created di...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
PT-2023-22297 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.1 XWiki Platform versions prior to 15.0 RC1 Description: The XWiki Platform is a generic wiki platform offering runtime...
CVE-2023-29201
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-29202
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...