CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

RedhatCVE•added 2026/01/09 9:0 a.m.•9 views

CVE-2023-29524

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a n...

9.9CVSS7.1AI score0.76297EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-15508

Malware in sbrugna...

6.1CVSS6.6AI score0.0104EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-15546

Malware in sbrugna...

6.1CVSS5.4AI score0.01122EPSS

Exploits0References3

BDU FSTEC•added 2024/02/14 12:0 a.m.•7 views

The vulnerability of the Scheduler Application component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of the Scheduler Application component in the XWiki platform for creating collaborative web applications exists due to the failure to address issues related to eliminating specific elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

9CVSS8AI score0.76297EPSS

Exploits1References4Affected Software1

NVD•added 2023/04/19 12:15 a.m.•20 views

CVE-2023-29524

9.9CVSS9.6AI score0.76297EPSS

Exploits1References3

Prion•added 2023/04/19 12:15 a.m.•15 views

Design/Logic Flaw

6.5CVSS8.7AI score0.76297EPSS

Exploits1References3Affected Software1

CVE•added 2023/04/18 11:4 p.m.•55 views

CVE-2023-29524

The CVE affects XWiki Platform. A groovy script can be injected via the SchedulerJobSheet when a user without scripting rights edits their profile and adds a XWiki.SchedulerJobClass, causing server-side code execution on view. The issue has been patched in XWiki 14.10.3 and 15.0 RC1; upgrading is...

9.9CVSS9.3AI score0.76297EPSS

Exploits1References3Affected Software1

OSV•added 2023/04/18 11:4 p.m.•26 views

CVE-2023-29524 Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform

9.9CVSS8.4AI score0.76297EPSS

Exploits1References5

CNNVD•added 2023/04/18 12:0 a.m.•4 views

XWiki Platform 注入漏洞

XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from XWiki France. An injection vulnerability exists in XWiki Platform that originates from the use of the right side of the Scheduler Application worksheet page to perform any action...

9.9CVSS7.9AI score0.76297EPSS

Exploits1References5

Positive Technologies•added 2022/10/27 12:0 a.m.•4 views

PT-2022-26699 · Unknown · Train Scheduler App

Name of the Vulnerable Software and Affected Versions: Train Scheduler App version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. This enables the execution of...

5.4CVSS6AI score0.00591EPSS

Exploits1References5