Lucene search
+L

52 matches found

Vulnrichment
Vulnrichment
added 2023/04/16 7:0 a.m.7 views

CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

8.9CVSS8.4AI score0.00423EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/16 7:0 a.m.67 views

CVE-2023-29508 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11...

8.9CVSS8.5AI score0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/16 12:0 a.m.26 views

XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that if the last author of a page's content has scripting privileges, a user without scripting privileges can use the Live Data macro to...

8.9CVSS4.9AI score0.00423EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/03/03 10:53 p.m.30 views

XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

Impact A user without script rights can introduce a stored XSS by using the Live Data macro. For instance: liveData id="movies" properties="title,description" "data": "count": 1, "entries": "title": "Meet John Doe", "url": "https://www.imdb.com/title/tt0033891/", "description": "" , "meta":...

8.9CVSS5.2AI score0.00671EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/03/03 10:53 p.m.24 views

GHSA-32FQ-M2Q5-H83G XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

Impact A user without script rights can introduce a stored XSS by using the Live Data macro. For instance: liveData id="movies" properties="title,description" "data": "count": 1, "entries": "title": "Meet John Doe", "url": "https://www.imdb.com/title/tt0033891/", "description": "" , "meta":...

8.9CVSS6.7AI score0.00671EPSS
Exploits1References6
NVD
NVD
added 2023/03/02 6:15 p.m.40 views

CVE-2023-26480

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

8.9CVSS8.4AI score0.00671EPSS
Exploits1References4
Prion
Prion
added 2023/03/02 6:15 p.m.18 views

Cross site scripting

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

4.9CVSS5.2AI score0.00671EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/02 5:9 p.m.5 views

CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

8.9CVSS6.3AI score0.00671EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/03/02 5:9 p.m.45 views

CVE-2023-26480 XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data

XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds...

8.9CVSS8.5AI score0.00671EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.5 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from the ability of a user without scripting privileges to use live data macros to cause stored cross-site scripting...

8.9CVSS4.9AI score0.00671EPSS
Exploits1References5
NVD
NVD
added 2023/02/14 6:15 a.m.15 views

CVE-2022-43469

Cross-Site Request Forgery CSRF vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data plugin = 1.7.0.6 versions...

8.8CVSS6.5AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2023/02/14 6:15 a.m.2 views

CVE-2022-43469

Cross-Site Request Forgery CSRF vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data plugin = 1.7.0.6 versions...

8.8CVSS5.8AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2023/02/14 5:20 a.m.47 views

CVE-2022-43469

CVE-2022-43469 affects the WordPress plugin “Orchestrated Corona Virus (COVID-19) Banner & Live Data” up to version 1.7.0.6, which is vulnerable to Cross-Site Request Forgery (CSRF). The Red Hat/NVD entries, Patchstack, PT-2023-14218 and other sources confirm CSRF with no patches available from t...

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2022/10/24 12:0 a.m.20 views

WordPress Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by ptsfence Patchstack Alliance in WordPress Corona Virus COVID-19 Banner & Live Data plugin versions = 1.7.0.6. Solution No patched version is available. No reply from the vendor...

3.9AI score0.00264EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/07/07 8:15 p.m.18 views

Sql injection

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

7.5CVSS9.8AI score0.01407EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/07/07 7:20 p.m.24 views

CVE-2020-8521

SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

10AI score0.01407EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/07/07 7:20 p.m.18 views

CVE-2020-8519

SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql...

9.9AI score0.01407EPSS
Exploits1References3
CNVD
CNVD
added 2020/05/13 12:0 a.m.3 views

SAP Business Objects Business Intelligence Platform Access Control Error Vulnerability

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. An access control error vulnerability exists in SAP Business Objects...

9.8CVSS6.9AI score0.00844EPSS
Exploits0References1
OSV
OSV
added 2020/05/12 6:15 p.m.5 views

CVE-2020-6242

SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...

9.8CVSS7.3AI score0.00844EPSS
Exploits0References2
Prion
Prion
added 2020/05/12 6:15 p.m.17 views

Authentication flaw

SAP Business Objects Business Intelligence Platform Live Data Connect, versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing...

7.5CVSS9.4AI score0.00844EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder