Lucene search
K

8 matches found

NVD
NVD
added 2023/08/23 9:15 p.m.43 views

CVE-2023-40177

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...

9.9CVSS9.6AI score0.00983EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.4 views

PT-2024-32313 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.2-rc-1 through 14.10.20 XWiki Platform versions 15.0.0 through 15.5.4 XWiki Platform versions 15.10.0 Description: The issue allows any user knowing the ID of a notification filter preference of another user to...

7.1CVSS6.8AI score0.00519EPSS
Exploits1References16
NVD
NVD
added 2022/09/08 9:15 p.m.37 views

CVE-2022-36100

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS0.73608EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/08 9:10 p.m.42 views

CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS8.9AI score0.73608EPSS
Exploits1References3
NVD
NVD
added 2022/09/08 6:15 p.m.37 views

CVE-2022-36092

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...

7.5CVSS0.00816EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/08 5:15 p.m.10 views

CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...

7.5CVSS7.5AI score0.00816EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.3 views

Bosch Ethernet switch PRA-ES8P2S 安全漏洞

Bosch Ethernet switch PRA-ES8P2S is a switch from Bosch, Germany. Bosch Ethernet switch PRA-ES8P2S has a security vulnerability in the user access rights checks, which can be exploited by remote attackers to submit special requests that can elevate privileges and gain administrator rights...

9CVSS5.7AI score0.00963EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.3 views

SAP NetWeaver Application Server Java 授权问题漏洞

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used for developing and running Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java version...

10CVSS8.4AI score0.01211EPSS
Exploits0References5
Rows per page
Query Builder