12 matches found
EUVD-2023-1326
Malicious code in bioql PyPI...
EUVD-2023-0840
Malicious code in bioql PyPI...
CVE-2023-29508
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
CVE-2023-26480
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that if the last author of a page's content has scripting privileges, a user without scripting privileges can use the Live Data macro to...
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
Impact A user without script rights can introduce a stored XSS by using the Live Data macro. For instance: liveData id="movies" properties="title,description" "data": "count": 1, "entries": "title": "Meet John Doe", "url": "https://www.imdb.com/title/tt0033891/", "description": "" , "meta":...
CVE-2023-26480
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
Cross site scripting
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...
CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...