Lucene search

7 matches found

CVE
added 2023/10/25 8:13 p.m., 62 views

CVE-2023-45137

CVE-2023-45137 affects XWiki Platform, specifically the web components in the platform-web and web-templates modules. The root cause is missing escaping in the error message shown when creating a document that already exists, allowing raw HTML injection (XSS) via the document referenc...

CVSS 9, AI score 7.1, EPSS 0.01696
Exploits 1, References 3, Affected Software 1

CVE
added 2023/06/23 2:44 p.m., 63 views

CVE-2023-34464

The CVE-2023-34464 issue affects XWiki Platform (wiki platform) where any user who can edit a document can create a stored XSS by inserting HTML into a document and having another user visit it via the displaycontent or rendercontent template with plain output syntax. Affected versions are 2.2.1 ...

CVSS 9, AI score 7, EPSS 0.01292
Exploits 1, References 3, Affected Software 1

OSV
added 2023/04/20 10:1 p.m., 14 views

GHSA-M3C3-9QJ7-7XMX Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer

Impact: The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine e.g. tomcat running XWiki. The same vulnerability also allowed to...

CVSS 7.5, AI score 7.5, EPSS 0.00409
Exploits 1, References 6

CVE
added 2023/04/17 9:21 p.m., 72 views

CVE-2023-29213

CVE-2023-29213 affects XWiki Platform, specifically the org.xwiki.platform:xwiki-platform-logging-ui component. The vulnerability allows an attacker to trick a user with programming rights into visiting a crafted URL, which can cause remote code execution via injection (e.g., evaluating embedded ...

CVSS 9, AI score 9, EPSS 0.0389
Exploits 1, References 3, Affected Software 1

Cvelist
added 2023/04/17 9:21 p.m., 12 views

CVE-2023-29213 org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of org.xwiki.platform:xwiki-platform-logging-ui it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image wi...

CVSS 9, AI score 9.3, EPSS 0.0389
Exploits 1, References 3

Cvelist
added 2023/04/15 3:27 p.m., 18 views

CVE-2023-29205 org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro

XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...

CVSS 9.9, AI score 9.3, EPSS 0.02135
Exploits 1, References 2

Cvelist
added 2022/11/23 12:0 a.m., 14 views

CVE-2022-41930 org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user logged in or not with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attack...

CVSS 7.5, AI score 8.3, EPSS 0.00929
Exploits 1, References 3