GHSA-CWQ6-MJMX-47P6 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

Impact Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...

XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

Impact Any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document Scheduler.WebHome in a subwiki. Then, click on any operation e.g., Trigger on any job. If the operation is successful...

CVE-2024-55876 XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document...

PT-2024-36595 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 1.2-milestone-2 through 15.10.8 XWiki Platform versions 1.2-milestone-2 through 16.2.x Description: The issue allows any user with an account on the main wiki to run scheduling operations on subwikis. To reproduce, a...

CVE-2022-41937 Missing Authorization in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

EUVD-2022-6981

XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...

CVE-2022-29252

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...

Cross site scripting

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the WikiManager.JoinWiki wiki page related to the "requestJoin" field. The issue is patched in versions...