2 matches found
PT-2026-55226
Name of the Vulnerable Software and Affected Versions Drupal Colorbox versions 0.0.0 through 2.2.0 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, where malicious JavaScript can be injected into the page. This occurs because the module, whi...
GHSA-MVGM-3RW2-7J4R org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
Impact When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...