
12 matches found

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-16054

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.3 · EPSS 0.0078
Exploits: 1 · References: 4
Github Security Blog
added 2025/06/13 8:38 p.m. · 15 views

XWiki's required right warnings for macros are incomplete

Impact: When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an...

CVSS 8.6 · AI score 7.2 · EPSS 0.00717
Exploits: 1 · References: 11 · Affected Software: 4
RedhatCVE
added 2025/05/23 6:17 p.m. · 14 views

CVE-2025-48063

XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...

CVSS 8.8 · AI score 7.8 · EPSS 0.0078
Exploits: 1 · References: 1
OSV
added 2025/05/21 6:26 p.m. · 14 views

GHSA-RHFV-688C-P6HP XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

Impact: In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...

CVSS 4.8 · AI score 8 · EPSS 0.0078
Exploits: 1 · References: 5
Github Security Blog
added 2025/05/21 6:26 p.m. · 17 views

XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

Impact: In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which...

CVSS 8.8 · AI score 8 · EPSS 0.0078
Exploits: 1 · References: 5 · Affected Software: 1
CVE
added 2025/05/21 5:38 p.m. · 55 views

CVE-2025-48063

XWiki 16.10.0 is vulnerable: any user with edit rights on a document can set programming right as a required right. If a user with programming right later edits that document, the content gains programming right, enabling remote code execution. The issue is mitigated only by upgrading to 16.10.4 ...

CVSS 8.8 · AI score 7.4 · EPSS 0.0078
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2025/05/21 5:38 p.m. · 18 views

CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...

CVSS 4.8 · AI score 7.5 · EPSS 0.0078
Exploits: 1 · References: 5
Cvelist
added 2025/05/21 5:38 p.m. · 47 views

CVE-2025-48063 XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right

XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are...

CVSS 4.8 · EPSS 0.0078
Exploits: 1 · References: 3
BDU FSTEC
added 2025/05/09 12:0 a.m. · 5 views

A vulnerability in the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of XWiki Platform, a platform for creating collaborative web applications, allows an attacker to affect the confidentiality, integrity, and availability of protected information.

The vulnerability in the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of XWiki Platform stems from missing encoding or escaping of output data. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and...

CVSS 9 · AI score 5.4 · EPSS 0.00298
Exploits: 0 · References: 4 · Affected Software: 1
Cvelist
added 2025/04/30 2:55 p.m. · 36 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9 · EPSS 0.00298
Exploits: 0 · References: 3
Github Security Blog
added 2025/04/29 2:5 p.m. · 19 views

org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

Impact: When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...

CVSS 9 · AI score 6.9 · EPSS 0.00298
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/02/06 12:0 a.m. · 5 views

PT-2025-22410 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.0 through 16.10.3
Description: The issue is related to a bug in the implementation of required rights in XWiki, allowing any user with edit right on a document to set programming right as required right. This could lead t...

CVSS 8.8 · AI score 7 · EPSS 0.0078
Exploits: 1 · References: 11