8 matches found
CVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is...
PT-2024-32313 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.2-rc-1 through 14.10.20 XWiki Platform versions 15.0.0 through 15.5.4 XWiki Platform versions 15.10.0 Description: The issue allows any user knowing the ID of a notification filter preference of another user to...
CVE-2022-36100
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2022-36092
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
CVE-2022-36092 XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes...
Bosch Ethernet switch PRA-ES8P2S 安全漏洞
Bosch Ethernet switch PRA-ES8P2S is a switch from Bosch, Germany. Bosch Ethernet switch PRA-ES8P2S has a security vulnerability in the user access rights checks, which can be exploited by remote attackers to submit special requests that can elevate privileges and gain administrator rights...
SAP NetWeaver Application Server Java 授权问题漏洞
SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used for developing and running Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver Application Server Java version...