8 matches found
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
CVE-2025-11165
A sandbox escape vulnerability exists in dotCMS’s Velocity scripting engine VTools that allows authenticated users with scripting privileges to bypass class and package restrictions enforced by SecureUberspectorImpl. By dynamically modifying the Velocity engine’s runtime configuration and...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 8.2, 7.4.5 through 17.1.0-rc-1, 16.10.4, and 16.4.7, which stems from a page that may gain scripting or programming privileges that...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 2.3 through 16.3.0, which originates from the ability of any user with scripting privileges to execute arbitrary remote code by...
XWiki Platform Security Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the ability to execute Velocity code without scripting privileges, allowing further privilege escalation...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that if the last author of a page's content has scripting privileges, a user without scripting privileges can use the Live Data macro to...
XWiki Platform 跨站脚本漏洞
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. A security vulnerability exists in XWiki Platform that stems from the ability of a user without scripting privileges to use live data macros to cause stored cross-site scripting...
XWiki code injection vulnerability (CNVD-2020-58036)
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. A security vulnerability exists in XWiki version 12.5 and versions prior to 11.10.6, which stems from the fact that any user with scripting privileges editing prior to XWiki 7.4 can acce...