
6 matches found

OSV
added 2023/04/12 8:36 p.m., 18 views

GHSA-HMM7-6PH9-8JF2 org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting

Impact: A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. For instance, by adding the LiveData below in the about section of the profile of a user created by an admin. javascript liveData id="movie...

CVSS 8.9, AI score 6.7, EPSS 0.04439
Exploits: 0, References: 4
OSV
added 2023/03/03 10:49 p.m., 13 views

GHSA-9CQM-5WF7-WCJ7 XWiki Platform users may execute anything with superadmin right through comments and async macro

Impact: Comments are supposed to be executed with the rights of superadmin, but in restricted mode, where anything dangerous is disabled; the async macro, however, does not take the restricted mode into account. This means that any user with comment right can use the async macro to make it execute any wiki conten...

CVSS 9.9, AI score 9.3, EPSS 0.11049
Exploits: 1, References: 5
OSV
added 2023/03/03 10:48 p.m., 24 views

GHSA-3738-P9X3-MV9R XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

Impact: It's possible to use the rights of an existing document content author to execute a text area property. To reproduce: As an admin with programming rights, create a new user without script or programming rights. Log in with the freshly created user. Insert the following text in source mode in...

CVSS 9.9, AI score 9.2, EPSS 0.02071
Exploits: 1, References: 4
OSV
added 2021/07/02 7:19 p.m., 15 views

GHSA-V9J2-Q4Q5-CXH4 No CSRF protection on the password change form

Impact: It's possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. Patches: The problem has been patched in XWiki 12.10.5, 13.2RC1. Workarounds: It's possible to apply the patch manually by modifying the registermacros.vm template like in...

CVSS 5.7, AI score 5.5, EPSS 0.0017
Exploits: 1, References: 4
OSV
added 2021/07/02 7:19 p.m., 22 views

GHSA-H4M4-PGP4-WHGM The reset password form reveals users' email addresses

Impact: The reset password form reveals the email address of users just by giving their username. Patches: The problem has been patched in XWiki 13.2RC1. Workarounds: It's possible to manually modify the resetpasswordinline.vm to perform the changes made in...

CVSS 5.3, AI score 5.2, EPSS 0.00087
Exploits: 0, References: 5
Packet Storm
added 2013/08/13 12:00 a.m., 32 views

CakePHP 2.3.7 / 2.2.8 Local File Inclusion

CVE Number: N/A (not assigned). Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability. Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8; prior versions may also be affected. Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 were released which...

AI score 7.4
Exploits: 0