6 matches found
CVE-2025-1799
A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack...
XWiki Remote Code Execution
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...
GHSA-H5JM-JJGX-Q2WF XWiki Remote Code Execution
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...
CVE-2006-7223
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...
CVE-2006-7223
CVE-2006-7223 affects XWiki 0.9.543 through 0.9.1252. The underlying issue is that PreviewAction does not set the Author field to the identity of the user who last modified a document. This allows remote authenticated users without programming rights to execute arbitrary code by selecting a docum...
CVE-2006-7223
PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifyi...