Lucene search

19 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-28186

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00096
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-45838

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.6 | EPSS 0.00884
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:38 a.m. | 5 views

CVE-2024-52300

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | AI score 6.1 | EPSS 0.00884
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 12:22 p.m. | 7 views

CVE-2024-52299

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 | AI score 6.4 | EPSS 0.0022
Exploits: 0 | References: 1

NVD
added 2024/11/13 4:15 p.m. | 8 views

CVE-2024-52300

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | EPSS 0.00884
Exploits: 0 | References: 1

NVD
added 2024/11/13 4:15 p.m. | 10 views

CVE-2024-52298

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 | EPSS 0.00461
Exploits: 1 | References: 1

NVD
added 2024/11/13 4:15 p.m. | 15 views

CVE-2024-52299

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 | EPSS 0.0022
Exploits: 0 | References: 1

OSV
added 2024/11/13 3:42 p.m. | 5 views

CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...

CVSS 7.5 | AI score 6.5 | EPSS 0.00461
Exploits: 1 | References: 3

OSV
added 2024/11/13 3:29 p.m. | 11 views

CVE-2024-52299 The PDF viewer macro allows accessing any attachment without access right checks

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest...

CVSS 7.5 | AI score 6.6 | EPSS 0.0022
Exploits: 0 | References: 3

CVE
added 2024/11/13 3:29 p.m. | 48 views

CVE-2024-52299

The CVE-2024-52299 entry concerns the XWiki macro-pdfviewer (PDF Viewer Macro using Mozilla pdf.js). The root cause is that the access control key passed to prevent access is computed incorrectly, along with a digest stream issue where calling skip does not update the digest. This permits any use...

CVSS 7.5 | AI score 7.4 | EPSS 0.0022
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/11/13 3:24 p.m. | 9 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | AI score 6.2 | EPSS 0.00884
Exploits: 0 | References: 3

Vulnrichment
added 2024/11/13 3:24 p.m. | 7 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | AI score 6.1 | EPSS 0.00884
Exploits: 0 | References: 1

CVE
added 2024/11/13 3:24 p.m. | 38 views

CVE-2024-52300

The CVE-2024-52300 issue affects the XWiki macro-pdfviewer (PDF Viewer Macro) that uses Mozilla pdf.js. The width parameter is not properly escaped, enabling cross-site scripting (XSS) when an admin can edit a page, potentially impacting confidentiality, integrity, and availability of the entire ...

CVSS 9 | AI score 8.8 | EPSS 0.00884
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/13 3:24 p.m. | 10 views

CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin...

CVSS 9 | EPSS 0.00884
Exploits: 0 | References: 1

OSV
added 2024/06/05 2:15 p.m. | 28 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...

CVSS 3.6 | AI score 8.4
Exploits: 0 | References: 3

NVD
added 2024/04/04 5:15 p.m. | 10 views

CVE-2024-30263

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 | AI score 7.6 | EPSS 0.00096
Exploits: 0 | References: 2

Vulnrichment
added 2024/04/04 4:51 p.m. | 9 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 | AI score 7.6 | EPSS 0.00096
Exploits: 0 | References: 2

Cvelist
added 2024/04/04 4:51 p.m. | 15 views

CVE-2024-30263 The PDF Viewer macro can be used to view PDF attachments with restricted access

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the file parameter. Users with view rights can access restricted PDF attachments if the...

CVSS 7.7 | AI score 7.8 | EPSS 0.00096
Exploits: 0 | References: 2

CVE
added 2024/04/04 4:51 p.m. | 54 views

CVE-2024-30263

The CVE-2024-30263 issue affects macro-pdfviewer, a PDF Viewer Macro for XWiki that uses Mozilla pdf.js. The vulnerability allows users with editing rights to access restricted PDF attachments by supplying the attachment URL as the value of the file parameter, and users with view rights can acces...

CVSS 7.7 | AI score 7.6 | EPSS 0.00096
Exploits: 0 | References: 2