Lucene search
K

74 matches found

CVE
CVE
added 2025/05/21 5:38 p.m.55 views

CVE-2025-48063

XWiki 16.10.0 is vulnerable: any user with edit rights on a document can set programming right as a required right. If a user with programming right later edits that document, the content gains programming right, enabling remote code execution. The issue is mitigated only by upgrading to 16.10.4 ...

8.8CVSS7.4AI score0.0078EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/02 3:24 p.m.18 views

CVE-2025-32971

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS6.8AI score0.00334EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/02 3:23 p.m.10 views

CVE-2025-32973

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS6.8AI score0.00338EPSS
Exploits1References1
NVD
NVD
added 2025/04/30 3:16 p.m.17 views

CVE-2025-32973

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS0.00338EPSS
Exploits1References3
NVD
NVD
added 2025/04/30 3:16 p.m.21 views

CVE-2025-32971

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS0.00334EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/04/30 2:55 p.m.66 views

CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS0.00338EPSS
Exploits1References3
OSV
OSV
added 2025/04/30 2:55 p.m.24 views

CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS6.6AI score0.00338EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/04/30 2:55 p.m.16 views

CVE-2025-32973 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and...

9CVSS6.9AI score0.00338EPSS
Exploits1References3
CVE
CVE
added 2025/04/30 2:55 p.m.67 views

CVE-2025-32973

Summary: CVE-2025-32973 affects XWiki Platform (org.xwiki.platform:xwiki-platform-component-wiki). In specific version ranges (15.9-rc-1 to before 15.10.12, 16.0.0-rc-1 to before 16.4.3, and 16.5.0-rc-1 to before 16.8.0-rc-1), a user with programming rights edits a document that was last edited b...

9CVSS9.2AI score0.00338EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/04/30 2:54 p.m.54 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

2.7CVSS0.00412EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/30 2:54 p.m.56 views

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS0.00334EPSS
Exploits1References3
CVE
CVE
added 2025/04/30 2:54 p.m.69 views

CVE-2025-32971

CVE-2025-32971 affects XWiki where the Solr script service can be invoked via the scripting API without properly accounting for dropped programming rights. The root cause is using an incorrect API to verify rights, so a user with script rights could bypass protections after calling $xcontext.drop...

3.8CVSS4.5AI score0.00334EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/30 2:54 p.m.15 views

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS6.8AI score0.00334EPSS
Exploits1References3
OSV
OSV
added 2025/04/30 2:54 p.m.24 views

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS6.7AI score0.00334EPSS
Exploits1References5
OSV
OSV
added 2025/04/29 2:3 p.m.9 views

GHSA-X7WV-5QG4-VMR6 org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right

Impact When a user with programming right edits a document in XWiki that was last edited by a user without programming right and contains an XWiki.ComponentClass, there is no warning that this will grant programming right to this object. An attacker who created such a malicious object could use...

9CVSS7AI score0.00338EPSS
Exploits1References5
OSV
OSV
added 2025/04/29 1:59 p.m.13 views

GHSA-987P-R3JC-8C8V Solr script service doesn't take dropped programming right into account

Impact The Solr script service that is accessible in XWiki's scripting API normally requires programming right to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling $xcontext.dropPermissions. ...

3.8CVSS6.9AI score0.00334EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/04/29 1:59 p.m.15 views

Solr script service doesn't take dropped programming right into account

Impact The Solr script service that is accessible in XWiki's scripting API normally requires programming right to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling $xcontext.dropPermissions. ...

3.8CVSS6.8AI score0.00334EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/12/12 7:23 p.m.17 views

GHSA-J2PQ-22JJ-4PM5 XWiki allows remote code execution through the extension sheet

Impact On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type...

9.9CVSS9.6AI score0.00764EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/12/12 7:23 p.m.21 views

XWiki allows remote code execution through the extension sheet

Impact On instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. In order to reproduce on an instance, as a normal user without script nor programming rights, go to your profile and add an object of type...

9.9CVSS7AI score0.00764EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/12/12 6:15 p.m.16 views

CVE-2024-55662

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where Extension Repository Application is installed, any user can execute any code requiring programming rights on the server. This vulnerability has been fixed in...

9.9CVSS0.00764EPSS
Exploits1References3
Rows per page
Query Builder