13 matches found
CVE-2025-65091
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65091
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65090
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page including guest users can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...
EUVD-2026-1699
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65091 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65091 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page including guest users can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been...
CVE-2025-65090 XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page including guest users can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...
CVE-2025-65090 XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService
XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page including guest users can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...
CVE-2025-65090
Summary: CVE-2025-65090 affects the XWiki Full Calendar Macro. Prior to version 2.4.6, users with rights to view the Calendar.JSONService page (including guests) could access database information via the calendar data exposed by the macro, constituting a data-leak vulnerability. The issue has bee...
XWiki Full Calendar Macro 信息泄露漏洞
XWiki Full Calendar Macro is an open source log table extension component for XWiki. An information disclosure vulnerability exists in XWiki Full Calendar Macro versions prior to 2.4.6, which originates from a user with permission to view the Calendar.JSONService page may be able to access databa...
PT-2026-1846
Name of the Vulnerable Software and Affected Versions XWiki versions prior to 2.4.6 Description The XWiki Full Calendar Macro displays objects from the wiki on a calendar. Users with permission to view the Calendar.JSONService page, including guest users, can access database information, excludin...
Specially crafted Json service request allows full control over a Liferay portal instance
Specially crafted Json service request allows full control over a Liferay portal instance Description: Liferay Portal is an enterprise portal written in Java By doing a single http request you can reconfigure Liferay to use a remote Memcached cache instead of it's own cache...
Liferay JSON Service Information Leakage
Minded Security Labs: Advisory MSA251009 Liferay Json Service Multiple Information Leakage Tested Versions: Liferay Portal 4.x and 5.x Minded Security ReferenceID: MSA251009 Credits: Discovery by Stefano Di Paola of Minded Security stefano.dipaola at mindedsecurity.com Reference:...