13 matches found
CVE-2023-29202
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
EUVD-2023-1264
Malicious code in bioql PyPI...
XWiki 1.8 < 14.6 XSS Vulnerability (GHSA-c885-89fw-55qr)
Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
CVE-2023-29202
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the fact that when the parameter content is set to true, the RSS macro bundled with XWiki contains the content of feed items without any...
GHSA-C885-89FW-55QR org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Impact The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting XSS by specifying an RSS...
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Impact The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting XSS by specifying an RSS...
Atlassian Confluence XSS Vulnerability
Atlassian Confluence is prone to a cross-site scripting vulnerability through various RSS properties in the RSS macro. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
RSS Macro should not trust all content from the origin server by default.
The RSS feed macro currently appears to be enabled by default in Confluence. This is contrary to the information contained in the following Confluence documentation: https://confluence.atlassian.com/display/DOC/RSS+Feed+Macro While a whitelist is enforced by default, as confluence implicitly trus...
A page containing the rss-macro is not displayed if the requested rss-feed is "down"
A page containing the rss-feed macro is not shown if the requested rss-feed is "down" there's no response sent to the browser. It would certainly be better if the page could be displayed anyway; perhaps with a message stating that the feed contents can't be fetched...