9 matches found
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Impact: Any logged-in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. Patches: The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. Workarounds: The vulnerability can be fixed by applying this patch. ...
GHSA-RF8J-Q39G-7XFM XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults
Impact: Any logged-in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. Patches: The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. Workarounds: The vulnerability can be fixed by applying this patch. ...
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Impact: Users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. Patches: The fix is applied in versions 14.7-rc-1, 13.4.4, and 13.10.9. Workarounds: The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, and 13.10.9 and...
GHSA-5CF8-VRR8-8HJM XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Impact: Users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. Patches: The fix is applied in versions 14.7-rc-1, 13.4.4, and 13.10.9. Workarounds: The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, and 13.10.9 and...
CVE-2023-26476
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version ...
Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version ...
CVE-2023-26476 Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version ...
CVE-2023-26476
CVE-2023-26476 affects XWiki Platform. Starting in 3.2-m3, attackers could deduce password-field contents via repeated calls to LiveTableResults and WikisLiveTableResultsMacros. Public details confirm fixes: upgrade to 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or apply the patch manually on LiveT...
CVE-2023-26476 Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to LiveTableResults and WikisLiveTableResultsMacros. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version ...