12 matches found
EUVD-2025-16054
Malicious code in bioql PyPI...
XWiki's required right warnings for macros are incomplete
Impact When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an...
CVE-2025-48063
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
GHSA-RHFV-688C-P6HP XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
Impact In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...
CVE-2025-48063
XWiki 16.10.0 is vulnerable: any user with edit rights on a document can set programming right as a required right. If a user with programming right later edits that document, the content gains programming right, enabling remote code execution. The issue is mitigated only by upgrading to 16.10.4 ...
CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right
XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...
The vulnerability of the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of the XWiki Platform relates to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and...
CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...
org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
Impact When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...
PT-2025-22410 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.0 through 16.10.3 Description: The issue is related to a bug in the implementation of required rights in XWiki, allowing any user with edit right on a document to set programming right as required right. This could lead t...